Last active
May 20, 2024 16:20
-
-
Save TheWover/b5a340b1cac68156306866ff24e5934c to your computer and use it in GitHub Desktop.
Non-exhaustive list of auto-elevating applications in Windows 10.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Reference: https://www.researchgate.net/publication/319454675_Testing_UAC_on_Windows_10 | |
| Get-ChildItem "C:\Windows\System32\*.exe" | Select-String -pattern "<autoElevate>true</autoElevate>" | |
| C:\Windows\System32\bthudtask.exe:78: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\changepk.exe:194: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\ComputerDefaults.exe:308: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\dccw.exe:464: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\dcomcnfg.exe:90: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\DeviceEject.exe:116: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\DeviceProperties.exe:90: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\djoin.exe:291: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\easinvoker.exe:484: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\EASPolicyManagerBrokerHost.exe:310: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\eudcedit.exe:1282: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\eventvwr.exe:130: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\fodhelper.exe:235: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\fsquirt.exe:427: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\FXSUNATD.exe:137: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\immersivetpmvscmgrsvr.exe:823: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\iscsicli.exe:391: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\iscsicpl.exe:88: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\lpksetup.exe:3384: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\MSchedExe.exe:79: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\msconfig.exe:535: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\msra.exe:1913: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\MultiDigiMon.exe:191: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\newdev.exe:145: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\odbcad32.exe:94: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\PasswordOnWakeSettingFlyout.exe:218: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\pwcreator.exe:4257: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\rdpshell.exe:4331: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\recdisc.exe:673: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\rrinstaller.exe:264: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\shrpubw.exe:236: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\slui.exe:1424: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\SystemPropertiesAdvanced.exe:92: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\SystemPropertiesComputerName.exe:92: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe:94: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\SystemPropertiesHardware.exe:92: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\SystemPropertiesPerformance.exe:88: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\SystemPropertiesProtection.exe:92: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\SystemPropertiesRemote.exe:92: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\SystemSettingsAdminFlows.exe:2278: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\SystemSettingsRemoveDevice.exe:188: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\Taskmgr.exe:12293: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\tcmsetup.exe:127: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\TpmInit.exe:232: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\WindowsUpdateElevatedInstaller.exe:252: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\WSReset.exe:133: <autoElevate>true</autoElevate> | |
| C:\Windows\System32\wusa.exe:623: <autoElevate>true</autoElevate> | |
| Get-ChildItem "C:\Windows\SysWOW64\*.exe" | Select-String -pattern "<autoElevate>true</autoElevate>" | |
| C:\Windows\SysWOW64\bthudtask.exe:68: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\ComputerDefaults.exe:161: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\dccw.exe:263: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\dcomcnfg.exe:83: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\eudcedit.exe:658: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\eventvwr.exe:75: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\fsquirt.exe:224: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\iscsicli.exe:181: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\iscsicpl.exe:67: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\newdev.exe:103: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\odbcad32.exe:65: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe:139: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\rrinstaller.exe:122: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\shrpubw.exe:134: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe:66: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\SystemPropertiesComputerName.exe:66: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:66: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\SystemPropertiesHardware.exe:68: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\SystemPropertiesPerformance.exe:66: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\SystemPropertiesProtection.exe:66: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\SystemPropertiesRemote.exe:67: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\Taskmgr.exe:8505: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\tcmsetup.exe:80: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\TpmInit.exe:181: <autoElevate>true</autoElevate> | |
| C:\Windows\SysWOW64\wusa.exe:281: <autoElevate>true</autoElevate> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment