├── Antivirus.bat ├── Antivirus.png ├── ProcessList.ini ├── ProcessList.json ├── ProcessTree.cna ├── README.md ├── SharpAV ├── Program-1.cs ├── Program.cs ├── Properties │ └── AssemblyInfo.cs ├── SharpAV.csproj ├── SharpAV.exe ├── SharpAV.sln ├── app.config └── bin │ ├── Debug │ ├── SharpAV.exe │ ├── SharpAV.exe.config │ └── SharpAV.pdb │ └── Release │ ├── SharpAV.exe │ ├── SharpAV.exe.config │ └── SharpAV.pdb ├── favicon.ico └── index.php /Antivirus.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/3had0w/Antivirus-detection/9adf32b7b04a4e988b8cdfe3f0efb75f0dee2a96/Antivirus.bat -------------------------------------------------------------------------------- /Antivirus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/3had0w/Antivirus-detection/9adf32b7b04a4e988b8cdfe3f0efb75f0dee2a96/Antivirus.png -------------------------------------------------------------------------------- /ProcessList.ini: -------------------------------------------------------------------------------- 1 | ----------------常见WAF进程---------------- 2 | D_Safe_Manage.exe - D盾 3 | d_manage.exe - D盾 4 | PC.exe - 云锁客户端 5 | yunsuo_agent_service.exe - 云锁服务端 6 | yunsuo_agent_daemon.exe - 云锁服务端 7 | gov_defence_daemon.exe - GovDefence(网防G01) 8 | gov_defence_service.exe - GovDefence(网防G01) 9 | AliYunDun.exe - 阿里云盾 10 | AliYunDunUpdate.exe - 阿里云盾 11 | aliyun_assist_service.exe - 阿里云盾 12 | 360WebSafe.exe - 360主机卫士 13 | QHSrv.exe - 360主机卫士 14 | QHWebshellGuard.exe - 360主机卫士 15 | CloudHelper.exe - 安全狗 16 | SafeDogTray.exe - 安全狗 17 | SafeDogGuardCenter.exe - 安全狗 18 | SafeDogUpdateCenter.exe - 安全狗 19 | SafeDogSiteApache.exe - 网站安全狗(Apache) 20 | SafeDogSiteIIS.exe - 网站安全狗(IIS) 21 | SafeDogServerUI.exe - 服务器安全狗 22 | hws.exe - 护卫神·入侵防护系统 23 | hwsd.exe - 护卫神·入侵防护系统 24 | hws_ui.exe - 护卫神·入侵防护系统 25 | HwsPanel.exe - 护卫神·入侵防护系统 26 | 27 | ----------------常见杀软进程---------------- 28 | 
HipsDaemon.exe - 火绒安全软件 29 | HipsTray.exe - 火绒安全软件 30 | HipsLog.exe - 火绒安全软件 31 | HipsMain.exe - 火绒安全软件 32 | usysdiag.exe - 火绒安全软件 33 | wsctrl.exe - 火绒安全软件 34 | QQPCRTP.exe - 腾讯电脑管家 35 | QQPCTray.exe - 腾讯电脑管家 36 | QQPCNetFlow.exe - 腾讯电脑管家 37 | QQPCRealTimeSpeedup.exe - 腾讯电脑管家 38 | 360sd.exe - 360杀毒 39 | 360rp.exe - 360杀毒 40 | 360Safe.exe - 360安全卫士 41 | 360tray.exe - 360实时保护 42 | LiveUpdate360.exe - 360更新程序 43 | zhudongfangyu.exe - 360主动防御 44 | safeboxTray - 360保险箱保护程序 45 | 360safebox.exe - 360保险箱主程序 46 | 360skylarsvc.exe - 360天擎终端安全管理系统 47 | SavMain.exe - Sophos杀毒 48 | SavProgress.exe - Sophos杀毒 49 | mbam.exe - Malwarebytes杀毒 50 | mbamtray.exe - Malwarebytes杀毒 51 | MBAMService.exe - Malwarebytes杀毒 52 | TMBMSRV.exe - PC-cillin趋势反病毒 53 | ntrtscan.exe - PC-cillin趋势反病毒 54 | VsTskMgr.exe - McAfee(麦咖啡) 55 | McShield.exe - McAfee(麦咖啡) 56 | mfevtps.exe - McAfee(麦咖啡) 57 | mfeann.exe - McAfee(麦咖啡) 58 | Tbmon.exe - McAfee(麦咖啡) 59 | shstat.exe - McAfee(麦咖啡) 60 | McTray.exe - McAfee(麦咖啡) 61 | UdaterUI.exe - McAfee(麦咖啡) 62 | naPrdMgr.exe - McAfee(麦咖啡) 63 | EngineServer.exe - McAfee(麦咖啡) 64 | FrameworkService.exe - McAfee(麦咖啡) 65 | AVK.exe - GData安全防护软件 66 | GDScan.exe - GData安全防护软件 67 | AVKWCtl.exe - GData安全防护软件 68 | AVKCl.exe - GData安全防护软件 69 | AVKProxy.exe - GData安全防护软件 70 | AVKBackupService.exe - GData安全防护软件 71 | ccEvtMgr.exe - Symantec(赛门铁克) 72 | ccSetMgr.exe - Symantec(赛门铁克) 73 | ccsvchst.exe - Symantec(赛门铁克)或 Norton(诺顿杀毒) 74 | rtvscan.exe - Symantec(赛门铁克)或 Norton(诺顿杀毒) 75 | smc.exe - Symantec(赛门铁克) 76 | smcGui.exe - Symantec(赛门铁克) 77 | snac.exe - Symantec(赛门铁克) 78 | SymCorpUI.exe - Symantec(赛门铁克) 79 | MsMpEng.exe - Windows Defender 80 | NisSrv.exe - Windows Defender 81 | MsSense.exe - Windows Defender 82 | msseces.exe - Windows Defender 83 | MpCmdRun.exe - Windows Defender 84 | MSASCui.exe - Windows Defender 85 | MSASCuiL.exe - Windows Defender 86 | SecurityHealthService.exe - Windows Defender 87 | avp.exe - Kaspersky(卡巴斯基) 88 | kavfs.exe - Kaspersky(卡巴斯基) 89 | 
klnagent.exe - Kaspersky(卡巴斯基) 90 | kavtray.exe - Kaspersky(卡巴斯基) 91 | kavfswp.exe - Kaspersky(卡巴斯基) 92 | ekrn.exe - ESET NOD32防毒 93 | egui.exe - ESET NOD32防毒 94 | EShaSrv.exe - ESET NOD32防毒 95 | eguiProxy.exe - ESET NOD32防毒 96 | avg.exe - AVG杀毒 97 | avgwdsvc.exe - AVG杀毒 98 | AvastUI.exe - Avast!5主程序 99 | ashDisp.exe - Avast网络安全 100 | ClamTray.exe - ClemWin Free Antivirus 101 | clamscan.exe - ClemWin Free Antivirus 102 | avcenter.exe - Avira(小红伞) 103 | avguard.exe - Avira(小红伞) 104 | avgnt.exe - Avira(小红伞) 105 | sched.exe - Avira(小红伞) 106 | bddownloader.exe - 百度卫士 107 | baiduSafeTray.exe - 百度卫士 108 | baiduansvx.exe - 百度卫士-主进程 109 | BaiduSd.exe - 百度杀毒-主程序 110 | BaiduSdSvc.exe - 百度杀毒-服务进程 111 | BaiduSdTray.exe - 百度杀毒-托盘进程 112 | 113 | ----------------搜集杀软进程---------------- 114 | F-PROT.exe - F-Prot杀毒 115 | vba32lder.exe - vb32杀毒 116 | K7TSecurity.exe - K7杀毒 117 | iptray.exe - Immunet杀毒 118 | CMCTrayIcon.exe - CMC杀毒 119 | BKavService.exe - Bkav杀毒 120 | nspupsvc.exe - nProtect杀毒 121 | a2guard.exe - a-squared杀毒 122 | ad-watch.exe - Lavasoft杀毒 123 | UnThreat.exe - UnThreat杀毒 124 | PSafeSysTray.exe - PSafe反病毒 125 | patray.exe - Ahnlab安博士杀毒 126 | V3Svc.exe - Ahnlab安博士V3杀毒 127 | cleaner8.exe - The Cleaner杀毒 128 | MongoosaGUI.exe - Mongoosa杀毒 129 | secenter.exe - BitDefender杀毒 130 | AYAgent.exe - ALYac韩国胶囊杀毒 131 | ksafe.exe - 金山卫士 132 | KvMonXP.exe - 江民杀毒 133 | RavMon.exe - 瑞星杀毒 134 | RavMonD.exe - 瑞星杀毒 135 | kxescore.exe - 金山毒霸 136 | kupdata.exe - 金山毒霸 137 | kxetray.exe - 金山毒霸 138 | kwsprotect64.exe - 金山毒霸 139 | KSafeTray.exe - 金山卫士 140 | knsdtray.exe - 可牛杀毒 141 | SBAMSvc.exe - VIPRE杀毒 142 | remupd.exe - 熊猫卫士杀毒 143 | spidernt.exe - Dr.web杀毒 144 | QUHLPSVC.exe - QuickHeal杀毒 145 | fsavgui.exe - F-Secure冰岛杀毒 146 | f-secure.exe - F-Secure冰岛杀毒 147 | ArcaTasksService.exe - ArcaVir杀毒 148 | vsserv.exe - Bitdefender比特梵德杀毒 149 | AVWatchService.exe - VIRUSfighter杀毒 150 | ns.exe - Norton诺顿杀毒 151 | ccapp.exe - Norton诺顿杀毒 152 | vptray.exe - Norton病毒防火墙-盾牌图标程序 153 | NPFMntor.exe - 
Norton杀毒软件相关进程 154 | ccRegVfy.exe - Norton杀毒软件自身完整性检查程序 155 | SNDSrvc.exe - Symantec Shared诺顿邮件防火墙软件 156 | SPBBCSvc.exe - Symantec Shared诺顿邮件防火墙软件 157 | symlcsvc.exe - Symantec Shared诺顿邮件防火墙软件 158 | CorantiControlCenter32.exe - Coranti2012杀毒 159 | CKSoftShiedAntivirus4.exe - Shield Antivirus杀毒 160 | SpywareTerminatorShield.exe - SpywareTerminator杀毒 161 | USBKiller.exe - U盘杀毒专家 162 | AST.exe - 超级巡警 163 | FortiTray.exe - 飞塔 164 | GG.exe - 巨盾网游安全盾 165 | adam.exe - 绿鹰安全精灵 166 | kpfwtray.exe - 金山网镖 167 | beikesan.exe - 贝壳云安全 168 | parmor.exe - 木马克星 169 | Iparmor.exe - 木马克星 170 | KSWebShield.exe - 金山网盾 171 | TrojanHunter.exe - 木马猎手 172 | WEBSCANX.EXE - 网络病毒克星 173 | ananwidget.exe - 墨者安全专家 174 | pfw.exe - 天网防火墙 175 | cfp.exe - Comodo科摩多 176 | MPMon.exe - 微点主动防御 177 | rfwmain.exe - 瑞星防火墙 178 | SPHINX.EXE - SPHINX防火墙 179 | vsmon.exe - ZoneAlarm防火墙 180 | FYFireWall.exe - 风云防火墙 181 | acs.exe - Outpost防火墙 182 | outpost.exe - Outpost防火墙 183 | -------------------------------------------------------------------------------- /ProcessList.json: -------------------------------------------------------------------------------- 1 | { 2 | "D_Safe_Manage.exe": "D盾", 3 | "d_manage.exe": "D盾", 4 | "PC.exe": "云锁客户端", 5 | "yunsuo_agent_service.exe": "云锁服务端", 6 | "yunsuo_agent_daemon.exe": "云锁服务端", 7 | "gov_defence_daemon.exe": "GovDefence(网防G01)", 8 | "gov_defence_service.exe": "GovDefence(网防G01)", 9 | "AliYunDun.exe": "阿里云盾", 10 | "AliYunDunUpdate.exe": "阿里云盾", 11 | "aliyun_assist_service.exe": "阿里云盾", 12 | "360WebSafe.exe": "360主机卫士", 13 | "QHSrv.exe": "360主机卫士", 14 | "QHWebshellGuard.exe": "360主机卫士", 15 | "CloudHelper.exe": "安全狗", 16 | "SafeDogTray.exe": "安全狗", 17 | "SafeDogGuardCenter.exe": "安全狗", 18 | "SafeDogUpdateCenter.exe": "安全狗", 19 | "SafeDogSiteApache.exe": "网站安全狗(Apache)", 20 | "SafeDogSiteIIS.exe": "网站安全狗(IIS)", 21 | "SafeDogServerUI.exe": "服务器安全狗", 22 | "hws.exe": "护卫神·入侵防护系统", 23 | "hwsd.exe": "护卫神·入侵防护系统", 24 | "hws_ui.exe": "护卫神·入侵防护系统", 25 | "HwsPanel.exe": "护卫神·入侵防护系统", 
26 | "HipsDaemon.exe": "火绒安全软件", 27 | "HipsTray.exe": "火绒安全软件", 28 | "HipsLog.exe": "火绒安全软件", 29 | "HipsMain.exe": "火绒安全软件", 30 | "usysdiag.exe": "火绒安全软件", 31 | "wsctrl.exe": "火绒安全软件", 32 | "QQPCRTP.exe": "腾讯电脑管家", 33 | "QQPCTray.exe": "腾讯电脑管家", 34 | "QQPCNetFlow.exe": "腾讯电脑管家", 35 | "QQPCRealTimeSpeedup.exe": "腾讯电脑管家", 36 | "360sd.exe": "360杀毒", 37 | "360rp.exe": "360杀毒", 38 | "360Safe.exe": "360安全卫士", 39 | "360tray.exe": "360实时保护", 40 | "LiveUpdate360.exe": "360更新程序", 41 | "zhudongfangyu.exe": "360主动防御", 42 | "safeboxTray": "360保险箱保护程序", 43 | "360safebox.exe": "360保险箱主程序", 44 | "360skylarsvc.exe": "360天擎终端安全管理系统", 45 | "SavMain.exe": "Sophos杀毒", 46 | "SavProgress.exe": "Sophos杀毒", 47 | "mbam.exe": "Malwarebytes杀毒", 48 | "mbamtray.exe": "Malwarebytes杀毒", 49 | "MBAMService.exe": "Malwarebytes杀毒", 50 | "TMBMSRV.exe": "PC-cillin趋势反病毒", 51 | "ntrtscan.exe": "PC-cillin趋势反病毒", 52 | "VsTskMgr.exe": "McAfee(麦咖啡)", 53 | "McShield.exe": "McAfee(麦咖啡)", 54 | "mfevtps.exe": "McAfee(麦咖啡)", 55 | "mfeann.exe": "McAfee(麦咖啡)", 56 | "Tbmon.exe": "McAfee(麦咖啡)", 57 | "shstat.exe": "McAfee(麦咖啡)", 58 | "McTray.exe": "McAfee(麦咖啡)", 59 | "UdaterUI.exe": "McAfee(麦咖啡)", 60 | "naPrdMgr.exe": "McAfee(麦咖啡)", 61 | "EngineServer.exe": "McAfee(麦咖啡)", 62 | "FrameworkService.exe": "McAfee(麦咖啡)", 63 | "AVK.exe": "GData安全防护软件", 64 | "GDScan.exe": "GData安全防护软件", 65 | "AVKWCtl.exe": "GData安全防护软件", 66 | "AVKCl.exe": "GData安全防护软件", 67 | "AVKProxy.exe": "GData安全防护软件", 68 | "AVKBackupService.exe": "GData安全防护软件", 69 | "ccEvtMgr.exe": "Symantec(赛门铁克)", 70 | "ccSetMgr.exe": "Symantec(赛门铁克)", 71 | "ccsvchst.exe": "Symantec(赛门铁克) 或 Norton(诺顿杀毒)", 72 | "rtvscan.exe": "Symantec(赛门铁克) 或 Norton(诺顿杀毒)", 73 | "smc.exe": "Symantec(赛门铁克)", 74 | "smcGui.exe": "Symantec(赛门铁克)", 75 | "snac.exe": "Symantec(赛门铁克)", 76 | "SymCorpUI.exe": "Symantec(赛门铁克)", 77 | "MsMpEng.exe": "Windows Defender", 78 | "NisSrv.exe": "Windows Defender", 79 | "MsSense.exe": "Windows Defender", 80 | "msseces.exe": "Windows Defender", 81 | 
"MpCmdRun.exe": "Windows Defender", 82 | "MSASCui.exe": "Windows Defender", 83 | "MSASCuiL.exe": "Windows Defender", 84 | "SecurityHealthService.exe": "Windows Defender", 85 | "avp.exe": "Kaspersky(卡巴斯基)", 86 | "kavfs.exe": "Kaspersky(卡巴斯基)", 87 | "klnagent.exe": "Kaspersky(卡巴斯基)", 88 | "kavtray.exe": "Kaspersky(卡巴斯基)", 89 | "kavfswp.exe": "Kaspersky(卡巴斯基)", 90 | "ekrn.exe": "ESET NOD32防毒", 91 | "egui.exe": "ESET NOD32防毒", 92 | "EShaSrv.exe": "ESET NOD32防毒", 93 | "eguiProxy.exe": "ESET NOD32防毒", 94 | "avg.exe": "AVG杀毒", 95 | "avgwdsvc.exe": "AVG杀毒", 96 | "AvastUI.exe": "Avast!5主程序", 97 | "ashDisp.exe": "Avast网络安全", 98 | "ClamTray.exe": "ClemWin Free Antivirus", 99 | "clamscan.exe": "ClemWin Free Antivirus", 100 | "avcenter.exe": "Avira(小红伞)", 101 | "avguard.exe": "Avira(小红伞)", 102 | "avgnt.exe": "Avira(小红伞)", 103 | "sched.exe": "Avira(小红伞)", 104 | "bddownloader.exe": "百度卫士", 105 | "baiduSafeTray.exe": "百度卫士", 106 | "baiduansvx.exe": "百度卫士-主进程", 107 | "BaiduSd.exe": "百度杀毒-主程序", 108 | "BaiduSdSvc.exe": "百度杀毒-服务进程", 109 | "BaiduSdTray.exe": "百度杀毒-托盘进程", 110 | "F-PROT.exe": "F-Prot杀毒", 111 | "vba32lder.exe": "vb32杀毒", 112 | "K7TSecurity.exe": "K7杀毒", 113 | "iptray.exe": "Immunet杀毒", 114 | "CMCTrayIcon.exe": "CMC杀毒", 115 | "BKavService.exe": "Bkav杀毒", 116 | "nspupsvc.exe": "nProtect杀毒", 117 | "a2guard.exe": "a-squared杀毒", 118 | "ad-watch.exe": "Lavasoft杀毒", 119 | "UnThreat.exe": "UnThreat杀毒", 120 | "PSafeSysTray.exe": "PSafe反病毒", 121 | "patray.exe": "Ahnlab安博士杀毒", 122 | "V3Svc.exe": "Ahnlab安博士V3杀毒", 123 | "cleaner8.exe": "The Cleaner杀毒", 124 | "MongoosaGUI.exe": "Mongoosa杀毒", 125 | "secenter.exe": "BitDefender杀毒", 126 | "AYAgent.exe": "ALYac韩国胶囊杀毒", 127 | "ksafe.exe": "金山卫士", 128 | "KvMonXP.exe": "江民杀毒", 129 | "RavMon.exe": "瑞星杀毒", 130 | "RavMonD.exe": "瑞星杀毒", 131 | "kxescore.exe": "金山毒霸", 132 | "kupdata.exe": "金山毒霸", 133 | "kxetray.exe": "金山毒霸", 134 | "kwsprotect64.exe": "金山毒霸", 135 | "KSafeTray.exe": "金山卫士", 136 | "knsdtray.exe": "可牛杀毒", 137 | "SBAMSvc.exe": 
"VIPRE杀毒", 138 | "remupd.exe": "熊猫卫士杀毒", 139 | "spidernt.exe": "Dr.web杀毒", 140 | "QUHLPSVC.exe": "QuickHeal杀毒", 141 | "fsavgui.exe": "F-Secure冰岛杀毒", 142 | "f-secure.exe": "F-Secure冰岛杀毒", 143 | "ArcaTasksService.exe": "ArcaVir杀毒", 144 | "vsserv.exe": "Bitdefender比特梵德杀毒", 145 | "AVWatchService.exe": "VIRUSfighter杀毒", 146 | "ns.exe": "Norton诺顿杀毒", 147 | "ccapp.exe": "Norton诺顿杀毒", 148 | "vptray.exe": "Norton病毒防火墙-盾牌图标程序", 149 | "NPFMntor.exe": "Norton杀毒软件相关进程", 150 | "ccRegVfy.exe": "Norton杀毒软件自身完整性检查程序", 151 | "SNDSrvc.exe": "Symantec Shared诺顿邮件防火墙软件", 152 | "SPBBCSvc.exe": "Symantec Shared诺顿邮件防火墙软件", 153 | "symlcsvc.exe": "Symantec Shared诺顿邮件防火墙软件", 154 | "CorantiControlCenter32.exe": "Coranti2012杀毒", 155 | "CKSoftShiedAntivirus4.exe": "Shield Antivirus杀毒", 156 | "SpywareTerminatorShield.exe": "SpywareTerminator杀毒", 157 | "USBKiller.exe": "U盘杀毒专家", 158 | "AST.exe": "超级巡警", 159 | "FortiTray.exe": "飞塔", 160 | "GG.exe": "巨盾网游安全盾", 161 | "adam.exe": "绿鹰安全精灵", 162 | "kpfwtray.exe": "金山网镖", 163 | "beikesan.exe": "贝壳云安全", 164 | "parmor.exe": "木马克星", 165 | "Iparmor.exe": "木马克星", 166 | "KSWebShield.exe": "金山网盾", 167 | "TrojanHunter.exe": "木马猎手", 168 | "WEBSCANX.EXE": "网络病毒克星", 169 | "ananwidget.exe": "墨者安全专家", 170 | "pfw.exe": "天网防火墙", 171 | "cfp.exe": "Comodo科摩多", 172 | "MPMon.exe": "微点主动防御", 173 | "rfwmain.exe": "瑞星防火墙", 174 | "SPHINX.EXE": "SPHINX防火墙", 175 | "vsmon.exe": "ZoneAlarm防火墙", 176 | "FYFireWall.exe": "风云防火墙", 177 | "acs.exe": "Outpost防火墙", 178 | "outpost.exe": "Outpost防火墙" 179 | } 180 | -------------------------------------------------------------------------------- /ProcessTree.cna: -------------------------------------------------------------------------------- 1 | #Cobalt Strike Process Tree Aggressor Script 2 | #Author @ars3n11 3 | 4 | # Based off @r3dQu1nn ProcessColor.cna https://github.com/harleyQu1nn/AggressorScripts/blob/master/ProcessColor.cna 5 | # Thanks to @oldb00t for creating the original beacon-ps-highlight.cna script! 
Script here: https://github.com/oldb00t/AggressorScripts/tree/master/Ps-highlight 6 | 7 | set BEACON_OUTPUT_PS { 8 | 9 | $bd = bdata($1); 10 | #Arsenii: added SecurityHealthService.exe for Windows Defender on Win10 (not tested on anything else) 11 | @av = @("SecurityHealthService.exe", "Tanium.exe", "360RP.exe", "360SD.exe", "360Safe.exe", "360leakfixer.exe", "360rp.exe", "360safe.exe", "360sd.exe", "360tray.exe", "AAWTray.exe", "ACAAS.exe", "ACAEGMgr.exe", "ACAIS.exe", "AClntUsr.EXE", "ALERT.EXE", "ALERTSVC.EXE", "ALMon.exe", "ALUNotify.exe", "ALUpdate.exe", "ALsvc.exe", "AVENGINE.exe", "AVGCHSVX.EXE", "AVGCSRVX.EXE", "AVGIDSAgent.exe", "AVGIDSMonitor.exe", "AVGIDSUI.exe", "AVGIDSWatcher.exe", "AVGNSX.EXE", "AVKProxy.exe", "AVKService.exe", "AVKTray.exe", "AVKWCtl.exe", "AVP.EXE", "AVP.exe", "AVPDTAgt.exe", "AcctMgr.exe", "Ad-Aware.exe", "Ad-Aware2007.exe", "AddressExport.exe", "AdminServer.exe", "Administrator.exe", "AeXAgentUIHost.exe", "AeXNSAgent.exe", "AeXNSRcvSvc.exe", "AlertSvc.exe", "AlogServ.exe", "AluSchedulerSvc.exe", "AnVir.exe", "AppSvc32.exe", "AtrsHost.exe", "Auth8021x.exe", "AvastSvc.exe", "AvastUI.exe", "Avconsol.exe", "AvpM.exe", "Avsynmgr.exe", "Avtask.exe", "BLACKD.exe", "BWMeterConSvc.exe", "CAAntiSpyware.exe", "CALogDump.exe", "CAPPActiveProtection.exe", "CAPPActiveProtection.exe", "CB.exe", "CCAP.EXE", "CCenter.exe", "CClaw.exe", "CLPS.exe", "CLPSLA.exe", "CLPSLS.exe", "CNTAoSMgr.exe", "CPntSrv.exe", "CTDataLoad.exe", "CertificationManagerServiceNT.exe", "ClShield.exe", "ClamTray.exe", "ClamWin.exe", "Console.exe", "CylanceUI.exe", "DAO_Log.exe", "DLService.exe", "DLTray.EXE", "DLTray.exe", "DRWAGNTD.EXE", "DRWAGNUI.EXE", "DRWEB32W.EXE", "DRWEBSCD.EXE", "DRWEBUPW.EXE", "DRWINST.EXE", "DSMain.exe", "DWHWizrd.exe", "DefWatch.exe", "DolphinCharge.exe", "EHttpSrv.exe", "EMET_Agent.exe", "EMET_Service.exe", "EMLPROUI.exe", "EMLPROXY.exe", "EMLibUpdateAgentNT.exe", "ETConsole3.exe", "ETCorrel.exe", "ETLogAnalyzer.exe", "ETReporter.exe", 
"ETRssFeeds.exe", "EUQMonitor.exe", "EndPointSecurity.exe", "EngineServer.exe", "EntityMain.exe", "EtScheduler.exe", "EtwControlPanel.exe", "EventParser.exe", "FAMEH32.exe", "FCDBLog.exe", "FCH32.exe", "FPAVServer.exe", "FProtTray.exe", "FSCUIF.exe", "FSHDLL32.exe", "FSM32.exe", "FSMA32.exe", "FSMB32.exe", "FWCfg.exe", "FireSvc.exe", "FireTray.exe", "FirewallGUI.exe", "ForceField.exe", "FortiProxy.exe", "FortiTray.exe", "FortiWF.exe", "FrameworkService.exe", "FreeProxy.exe", "GDFirewallTray.exe", "GDFwSvc.exe", "HWAPI.exe", "ISNTSysMonitor.exe", "ISSVC.exe", "ISWMGR.exe", "ITMRTSVC.exe", "ITMRT_SupportDiagnostics.exe", "ITMRT_TRACE.exe", "IcePack.exe", "IdsInst.exe", "InoNmSrv.exe", "InoRT.exe", "InoRpc.exe", "InoTask.exe", "InoWeb.exe", "IsntSmtp.exe", "KABackReport.exe", "KANMCMain.exe", "KAVFS.EXE", "KAVStart.exe", "KLNAGENT.EXE", "KMailMon.exe", "KNUpdateMain.exe", "KPFWSvc.exe", "KSWebShield.exe", "KVMonXP.exe", "KVMonXP_2.exe", "KVSrvXP.exe", "KWSProd.exe", "KWatch.exe", "KavAdapterExe.exe", "KeyPass.exe", "KvXP.exe", "LUALL.EXE", "LWDMServer.exe", "LockApp.exe", "LockAppHost.exe", "LogGetor.exe", "MCSHIELD.EXE", "MCUI32.exe", "MSASCui.exe", "ManagementAgentNT.exe", "McAfeeDataBackup.exe", "McEPOC.exe", "McEPOCfg.exe", "McNASvc.exe", "McProxy.exe", "McScript_InUse.exe", "McWCE.exe", "McWCECfg.exe", "Mcshield.exe", "McTray.exe", "MgntSvc.exe", "MpCmdRun.exe", "MpfAgent.exe", "MpfSrv.exe", "MsMpEng.exe", "NAIlgpip.exe", "NAVAPSVC.EXE", "NAVAPW32.EXE", "NCDaemon.exe", "NIP.exe", "NJeeves.exe", "NLClient.exe", "NMAGENT.EXE", "NOD32view.exe", "NPFMSG.exe", "NPROTECT.EXE", "NRMENCTB.exe", "NSMdtr.exe", "NTRtScan.exe", "NVCOAS.exe", "NVCSched.exe", "NavShcom.exe", "Navapsvc.exe", "NaveCtrl.exe", "NaveLog.exe", "NaveSP.exe", "Navw32.exe", "Navwnt.exe", "Nip.exe", "Njeeves.exe", "Npfmsg2.exe", "Npfsvice.exe", "NscTop.exe", "Nvcoas.exe", "Nvcsched.exe", "Nymse.exe", "OLFSNT40.EXE", "OMSLogManager.exe", "ONLINENT.exe", "ONLNSVC.exe", "OfcPfwSvc.exe", "PASystemTray.exe", 
"PAVFNSVR.exe", "PAVSRV51.exe", "PNmSrv.exe", "POPROXY.EXE", "POProxy.exe", "PPClean.exe", "PPCtlPriv.exe", "PQIBrowser.exe", "PSHost.exe", "PSIMSVC.EXE", "PXEMTFTP.exe", "PadFSvr.exe", "Pagent.exe", "Pagentwd.exe", "PavBckPT.exe", "PavFnSvr.exe", "PavPrSrv.exe", "PavProt.exe", "PavReport.exe", "Pavkre.exe", "PcCtlCom.exe", "PcScnSrv.exe", "PccNTMon.exe", "PccNTUpd.exe", "PpPpWallRun.exe", "PrintDevice.exe", "ProUtil.exe", "PsCtrlS.exe", "PsImSvc.exe", "PwdFiltHelp.exe", "Qoeloader.exe", "RAVMOND.exe", "RAVXP.exe", "RNReport.exe", "RPCServ.exe", "RSSensor.exe", "RTVscan.exe", "RapApp.exe", "Rav.exe", "RavAlert.exe", "RavMon.exe", "RavMonD.exe", "RavService.exe", "RavStub.exe", "RavTask.exe", "RavTray.exe", "RavUpdate.exe", "RavXP.exe", "RealMon.exe", "Realmon.exe", "RedirSvc.exe", "RegMech.exe", "ReporterSvc.exe", "RouterNT.exe", "Rtvscan.exe", "SAFeService.exe", "SAService.exe", "SAVAdminService.exe", "SAVFMSESp.exe", "SAVMain.exe", "SAVScan.exe", "SCANMSG.exe", "SCANWSCS.exe", "SCFManager.exe", "SCFService.exe", "SCFTray.exe", "SDTrayApp.exe", "SEVINST.EXE", "SMEX_ActiveUpdate.exe", "SMEX_Master.exe", "SMEX_RemoteConf.exe", "SMEX_SystemWatch.exe", "SMSECtrl.exe", "SMSELog.exe", "SMSESJM.exe", "SMSESp.exe", "SMSESrv.exe", "SMSETask.exe", "SMSEUI.exe", "SNAC.EXE", "SNAC.exe", "SNDMon.exe", "SNDSrvc.exe", "SPBBCSvc.exe", "SPIDERML.EXE", "SPIDERNT.EXE", "SSM.exe", "SSScheduler.exe", "SVCharge.exe", "SVDealer.exe", "SVFrame.exe", "SVTray.exe", "SWNETSUP.EXE", "SavRoam.exe", "SavService.exe", "SavUI.exe", "ScanMailOutLook.exe", "SeAnalyzerTool.exe", "SemSvc.exe", "SescLU.exe", "SetupGUIMngr.exe", "SiteAdv.exe", "Smc.exe", "SmcGui.exe", "SnHwSrv.exe", "SnICheckAdm.exe", "SnIcon.exe", "SnSrv.exe", "SnicheckSrv.exe", "SpIDerAgent.exe", "SpntSvc.exe", "SpyEmergency.exe", "SpyEmergencySrv.exe", "StOPP.exe", "StWatchDog.exe", "SymCorpUI.exe", "SymSPort.exe", "TBMon.exe", "TFGui.exe", "TFService.exe", "TFTray.exe", "TFun.exe", "TIASPN~1.EXE", "TSAnSrf.exe", "TSAtiSy.exe", 
"TScutyNT.exe", "TSmpNT.exe", "TmListen.exe", "TmPfw.exe", "Tmntsrv.exe", "Traflnsp.exe", "TrapTrackerMgr.exe", "UPSCHD.exe", "UcService.exe", "UdaterUI.exe", "UmxAgent.exe", "UmxCfg.exe", "UmxFwHlp.exe", "UmxPol.exe", "Up2date.exe", "UpdaterUI.exe", "UrlLstCk.exe", "UserActivity.exe", "UserAnalysis.exe", "UsrPrmpt.exe", "V3Medic.exe", "V3Svc.exe", "VPC32.exe", "VPDN_LU.exe", "VPTray.exe", "VSStat.exe", "VsStat.exe", "VsTskMgr.exe", "WEBPROXY.EXE", "WFXCTL32.EXE", "WFXMOD32.EXE", "WFXSNT40.EXE", "WebProxy.exe", "WebScanX.exe", "WinRoute.exe", "WrSpySetup.exe", "ZLH.exe", "Zanda.exe", "ZhuDongFangYu.exe", "Zlh.exe", "_avp32.exe", "_avpcc.exe", "_avpm.exe", "aAvgApi.exe", "aawservice.exe", "acaif.exe", "acctmgr.exe", "ackwin32.exe", "aclient.exe", "adaware.exe", "advxdwin.exe", "aexnsagent.exe", "aexsvc.exe", "aexswdusr.exe", "aflogvw.exe", "afwServ.exe", "agentsvr.exe", "agentw.exe", "ahnrpt.exe", "ahnsd.exe", "ahnsdsv.exe", "alertsvc.exe", "alevir.exe", "alogserv.exe", "alsvc.exe", "alunotify.exe", "aluschedulersvc.exe", "amon9x.exe", "amswmagt.exe", "anti-trojan.exe", "antiarp.exe", "antivirus.exe", "ants.exe", "aphost.exe", "apimonitor.exe", "aplica32.exe", "aps.exe", "apvxdwin.exe", "arr.exe", "ashAvast.exe", "ashBug.exe", "ashChest.exe", "ashCmd.exe", "ashDisp.exe", "ashEnhcd.exe", "ashLogV.exe", "ashMaiSv.exe", "ashPopWz.exe", "ashQuick.exe", "ashServ.exe", "ashSimp2.exe", "ashSimpl.exe", "ashSkPcc.exe", "ashSkPck.exe", "ashUpd.exe", "ashWebSv.exe", "ashdisp.exe", "ashmaisv.exe", "ashserv.exe", "ashwebsv.exe", "asupport.exe", "aswDisp.exe", "aswRegSvr.exe", "aswServ.exe", "aswUpdSv.exe", "aswUpdsv.exe", "aswWebSv.exe", "aswupdsv.exe", "atcon.exe", "atguard.exe", "atro55en.exe", "atupdater.exe", "atwatch.exe", "atwsctsk.exe", "au.exe", "aupdate.exe", "aupdrun.exe", "aus.exe", "auto-protect.nav80try.exe", "autodown.exe", "autotrace.exe", "autoup.exe", "autoupdate.exe", "avEngine.exe", "avadmin.exe", "avcenter.exe", "avconfig.exe", "avconsol.exe", "ave32.exe", 
"avengine.exe", "avesvc.exe", "avfwsvc.exe", "avgam.exe", "avgamsvr.exe", "avgas.exe", "avgcc.exe", "avgcc32.exe", "avgcsrvx.exe", "avgctrl.exe", "avgdiag.exe", "avgemc.exe", "avgfws8.exe", "avgfws9.exe", "avgfwsrv.exe", "avginet.exe", "avgmsvr.exe", "avgnsx.exe", "avgnt.exe", "avgregcl.exe", "avgrssvc.exe", "avgrsx.exe", "avgscanx.exe", "avgserv.exe", "avgserv9.exe", "avgsystx.exe", "avgtray.exe", "avguard.exe", "avgui.exe", "avgupd.exe", "avgupdln.exe", "avgupsvc.exe", "avgvv.exe", "avgw.exe", "avgwb.exe", "avgwdsvc.exe", "avgwizfw.exe", "avkpop.exe", "avkserv.exe", "avkservice.exe", "avkwctl9.exe", "avltmain.exe", "avmailc.exe", "avmcdlg.exe", "avnotify.exe", "avnt.exe", "avp.exe", "avp32.exe", "avpcc.exe", "avpdos32.exe", "avpexec.exe", "avpm.exe", "avpncc.exe", "avps.exe", "avptc32.exe", "avpupd.exe", "avscan.exe", "avsched32.exe", "avserver.exe", "avshadow.exe", "avsynmgr.exe", "avwebgrd.exe", "avwin.exe", "avwin95.exe", "avwinnt.exe", "avwupd.exe", "avwupd32.exe", "avwupsrv.exe", "avxmonitor9x.exe", "avxmonitornt.exe", "avxquar.exe", "backweb.exe", "bargains.exe", "basfipm.exe", "bd_professional.exe", "bdagent.exe", "bdc.exe", "bdlite.exe", "bdmcon.exe", "bdss.exe", "bdsubmit.exe", "beagle.exe", "belt.exe", "bidef.exe", "bidserver.exe", "bipcp.exe", "bipcpevalsetup.exe", "bisp.exe", "blackd.exe", "blackice.exe", "blink.exe", "blss.exe", "bmrt.exe", "bootconf.exe", "bootwarn.exe", "borg2.exe", "bpc.exe", "bpk.exe", "brasil.exe", "bs120.exe", "bundle.exe", "bvt.exe", "bwgo0000.exe", "ca.exe", "caav.exe", "caavcmdscan.exe", "caavguiscan.exe", "caf.exe", "cafw.exe", "caissdt.exe", "capfaem.exe", "capfasem.exe", "capfsem.exe", "capmuamagt.exe", "casc.exe", "casecuritycenter.exe", "caunst.exe", "cavrep.exe", "cavrid.exe", "cavscan.exe", "cavtray.exe", "ccApp.exe", "ccEvtMgr.exe", "ccLgView.exe", "ccProxy.exe", "ccSetMgr.exe", "ccSetmgr.exe", "ccSvcHst.exe", "ccap.exe", "ccapp.exe", "ccevtmgr.exe", "cclaw.exe", "ccnfagent.exe", "ccprovsp.exe", "ccproxy.exe", 
"ccpxysvc.exe", "ccschedulersvc.exe", "ccsetmgr.exe", "ccsmagtd.exe", "ccsvchst.exe", "ccsystemreport.exe", "cctray.exe", "ccupdate.exe", "cdp.exe", "cfd.exe", "cfftplugin.exe", "cfgwiz.exe", "cfiadmin.exe", "cfiaudit.exe", "cfinet.exe", "cfinet32.exe", "cfnotsrvd.exe", "cfp.exe", "cfpconfg.exe", "cfpconfig.exe", "cfplogvw.exe", "cfpsbmit.exe", "cfpupdat.exe", "cfsmsmd.exe", "checkup.exe", "cka.exe", "clamscan.exe", "claw95.exe", "claw95cf.exe", "clean.exe", "cleaner.exe", "cleaner3.exe", "cleanpc.exe", "cleanup.exe", "click.exe", "cmdagent.exe", "cmdinstall.exe", "cmesys.exe", "cmgrdian.exe", "cmon016.exe", "comHost.exe", "connectionmonitor.exe", "control_panel.exe", "cpd.exe", "cpdclnt.exe", "cpf.exe", "cpf9x206.exe", "cpfnt206.exe", "crashrep.exe", "csacontrol.exe", "csinject.exe", "csinsm32.exe", "csinsmnt.exe", "csrss_tc.exe", "ctrl.exe", "cv.exe", "cwnb181.exe", "cwntdwmo.exe", "cz.exe", "datemanager.exe", "dbserv.exe", "dbsrv9.exe", "dcomx.exe", "defalert.exe", "defscangui.exe", "defwatch.exe", "deloeminfs.exe", "deputy.exe", "diskmon.exe", "divx.exe", "djsnetcn.exe", "dllcache.exe", "dllreg.exe", "doors.exe", "doscan.exe", "dpf.exe", "dpfsetup.exe", "dpps2.exe", "drwagntd.exe", "drwatson.exe", "drweb.exe", "drweb32.exe", "drweb32w.exe", "drweb386.exe", "drwebcgp.exe", "drwebcom.exe", "drwebdc.exe", "drwebmng.exe", "drwebscd.exe", "drwebupw.exe", "drwebwcl.exe", "drwebwin.exe", "drwupgrade.exe", "dsmain.exe", "dssagent.exe", "dvp95.exe", "dvp95_0.exe", "dwengine.exe", "dwhwizrd.exe", "dwwin.exe", "ecengine.exe", "edisk.exe", "efpeadm.exe", "egui.exe", "ekrn.exe", "elogsvc.exe", "emet_agent.exe", "emet_service.exe", "emsw.exe", "engineserver.exe", "ent.exe", "era.exe", "esafe.exe", "escanhnt.exe", "escanv95.exe", "esecagntservice.exe", "esecservice.exe", "esmagent.exe", "espwatch.exe", "etagent.exe", "ethereal.exe", "etrustcipe.exe", "evpn.exe", "evtProcessEcFile.exe", "evtarmgr.exe", "evtmgr.exe", "exantivirus-cnet.exe", "exe.avxw.exe", "execstat.exe", 
"expert.exe", "explore.exe", "f-agnt95.exe", "f-prot.exe", "f-prot95.exe", "f-stopw.exe", "fameh32.exe", "fast.exe", "fch32.exe", "fih32.exe", "findviru.exe", "firesvc.exe", "firetray.exe", "firewall.exe", "fmon.exe", "fnrb32.exe", "fortifw.exe", "fp-win.exe", "fp-win_trial.exe", "fprot.exe", "frameworkservice.exe", "frminst.exe", "frw.exe", "fsaa.exe", "fsaua.exe", "fsav.exe", "fsav32.exe", "fsav530stbyb.exe", "fsav530wtbyb.exe", "fsav95.exe", "fsavgui.exe", "fscuif.exe", "fsdfwd.exe", "fsgk32.exe", "fsgk32st.exe", "fsguidll.exe", "fsguiexe.exe", "fshdll32.exe", "fsm32.exe", "fsma32.exe", "fsmb32.exe", "fsorsp.exe", "fspc.exe", "fspex.exe", "fsqh.exe", "fssm32.exe", "fwinst.exe", "gator.exe", "gbmenu.exe", "gbpoll.exe", "gcascleaner.exe", "gcasdtserv.exe", "gcasinstallhelper.exe", "gcasnotice.exe", "gcasserv.exe", "gcasservalert.exe", "gcasswupdater.exe", "generics.exe", "gfireporterservice.exe", "ghost_2.exe", "ghosttray.exe", "giantantispywaremain.exe", "giantantispywareupdater.exe", "gmt.exe", "guard.exe", "guarddog.exe", "guardgui.exe", "hacktracersetup.exe", "hbinst.exe", "hbsrv.exe", "hipsvc.exe", "hotactio.exe", "hotpatch.exe", "htlog.exe", "htpatch.exe", "hwpe.exe", "hxdl.exe", "hxiul.exe", "iamapp.exe", "iamserv.exe", "iamstats.exe", "ibmasn.exe", "ibmavsp.exe", "icepack.exe", "icload95.exe", "icloadnt.exe", "icmon.exe", "icsupp95.exe", "icsuppnt.exe", "idle.exe", "iedll.exe", "iedriver.exe", "iface.exe", "ifw2000.exe", "igateway.exe", "inetlnfo.exe", "infus.exe", "infwin.exe", "inicio.exe", "init.exe", "inonmsrv.exe", "inorpc.exe", "inort.exe", "inotask.exe", "intdel.exe", "intren.exe", "iomon98.exe", "isPwdSvc.exe", "isUAC.exe", "isafe.exe", "isafinst.exe", "issvc.exe", "istsvc.exe", "jammer.exe", "jdbgmrg.exe", "jedi.exe", "kaccore.exe", "kansgui.exe", "kansvr.exe", "kastray.exe", "kav.exe", "kav32.exe", "kavfs.exe", "kavfsgt.exe", "kavfsrcn.exe", "kavfsscs.exe", "kavfswp.exe", "kavisarv.exe", "kavlite40eng.exe", "kavlotsingleton.exe", "kavmm.exe", 
"kavpers40eng.exe", "kavpf.exe", "kavshell.exe", "kavss.exe", "kavstart.exe", "kavsvc.exe", "kavtray.exe", "kazza.exe", "keenvalue.exe", "kerio-pf-213-en-win.exe", "kerio-wrl-421-en-win.exe", "kerio-wrp-421-en-win.exe", "kernel32.exe", "killprocesssetup161.exe", "kis.exe", "kislive.exe", "kissvc.exe", "klnacserver.exe", "klnagent.exe", "klserver.exe", "klswd.exe", "klwtblfs.exe", "kmailmon.exe", "knownsvr.exe", "kpf4gui.exe", "kpf4ss.exe", "kpfw32.exe", "kpfwsvc.exe", "krbcc32s.exe", "kvdetech.exe", "kvolself.exe", "kvsrvxp.exe", "kvsrvxp_1.exe", "kwatch.exe", "kwsprod.exe", "kxeserv.exe", "launcher.exe", "ldnetmon.exe", "ldpro.exe", "ldpromenu.exe", "ldscan.exe", "leventmgr.exe", "livesrv.exe", "lmon.exe", "lnetinfo.exe", "loader.exe", "localnet.exe", "lockdown.exe", "lockdown2000.exe", "log_qtine.exe", "lookout.exe", "lordpe.exe", "lsetup.exe", "luall.exe", "luau.exe", "lucallbackproxy.exe", "lucoms.exe", "lucomserver.exe", "lucoms~1.exe", "luinit.exe", "luspt.exe", "makereport.exe", "mantispm.exe", "mapisvc32.exe", "masalert.exe", "massrv.exe", "mcafeefire.exe", "mcagent.exe", "mcappins.exe", "mcconsol.exe", "mcdash.exe", "mcdetect.exe", "mcepoc.exe", "mcepocfg.exe", "mcinfo.exe", "mcmnhdlr.exe", "mcmscsvc.exe", "mcods.exe", "mcpalmcfg.exe", "mcpromgr.exe", "mcregwiz.exe", "mcscript.exe", "mcscript_inuse.exe", "mcshell.exe", "mcshield.exe", "mcshld9x.exe", "mcsysmon.exe", "mctool.exe", "mctray.exe", "mctskshd.exe", "mcuimgr.exe", "mcupdate.exe", "mcupdmgr.exe", "mcvsftsn.exe", "mcvsrte.exe", "mcvsshld.exe", "mcwce.exe", "mcwcecfg.exe", "md.exe", "mfeann.exe", "mfevtps.exe", "mfin32.exe", "mfw2en.exe", "mfweng3.02d30.exe", "mgavrtcl.exe", "mgavrte.exe", "mghtml.exe", "mgui.exe", "minilog.exe", "mmod.exe", "monitor.exe", "monsvcnt.exe", "monsysnt.exe", "moolive.exe", "mostat.exe", "mpcmdrun.exe", "mpf.exe", "mpfagent.exe", "mpfconsole.exe", "mpfservice.exe", "mpftray.exe", "mps.exe", "mpsevh.exe", "mpsvc.exe", "mrf.exe", "mrflux.exe", "msapp.exe", "msascui.exe", 
"msbb.exe", "msblast.exe", "mscache.exe", "msccn32.exe", "mscifapp.exe", "mscman.exe", "msconfig.exe", "msdm.exe", "msdos.exe", "msiexec16.exe", "mskagent.exe", "mskdetct.exe", "msksrver.exe", "msksrvr.exe", "mslaugh.exe", "msmgt.exe", "msmpeng.exe", "msmsgri32.exe", "msscli.exe", "msseces.exe", "mssmmc32.exe", "msssrv.exe", "mssys.exe", "msvxd.exe", "mu0311ad.exe", "mwatch.exe", "myagttry.exe", "n32scanw.exe", "nSMDemf.exe", "nSMDmon.exe", "nSMDreal.exe", "nSMDsch.exe", "naPrdMgr.exe", "nav.exe", "navap.navapsvc.exe", "navapsvc.exe", "navapw32.exe", "navdx.exe", "navlu32.exe", "navnt.exe", "navstub.exe", "navw32.exe", "navwnt.exe", "nc2000.exe", "ncinst4.exe"); 12 | @av1 = @("MSASCuiL.exe", "CylanceSvc.exe", "ndd32.exe", "ndetect.exe", "neomonitor.exe", "neotrace.exe", "neowatchlog.exe", "netalertclient.exe", "netarmor.exe", "netcfg.exe", "netd32.exe", "netinfo.exe", "netmon.exe", "netscanpro.exe", "netspyhunter-1.2.exe", "netstat.exe", "netutils.exe", "networx.exe", "ngctw32.exe", "ngserver.exe", "nip.exe", "nipsvc.exe", "nisoptui.exe", "nisserv.exe", "nisum.exe", "njeeves.exe", "nlsvc.exe", "nmain.exe", "nod32.exe", "nod32krn.exe", "nod32kui.exe", "normist.exe", "norton_internet_secu_3.0_407.exe", "notstart.exe", "npf40_tw_98_nt_me_2k.exe", "npfmessenger.exe", "npfmntor.exe", "npfmsg.exe", "nprotect.exe", "npscheck.exe", "npssvc.exe", "nrmenctb.exe", "nsched32.exe", "nscsrvce.exe", "nsctop.exe", "nsmdtr.exe", "nssys32.exe", "nstask32.exe", "nsupdate.exe", "nt.exe", "ntcaagent.exe", "ntcadaemon.exe", "ntcaservice.exe", "ntrtscan.exe", "ntvdm.exe", "ntxconfig.exe", "nui.exe", "nupgrade.exe", "nvarch16.exe", "nvc95.exe", "nvcoas.exe", "nvcsched.exe", "nvsvc32.exe", "nwinst4.exe", "nwservice.exe", "nwtool16.exe", "nymse.exe", "oasclnt.exe", "oespamtest.exe", "ofcdog.exe", "ofcpfwsvc.exe", "okclient.exe", "olfsnt40.exe", "ollydbg.exe", "onsrvr.exe", "op_viewer.exe", "opscan.exe", "optimize.exe", "ostronet.exe", "otfix.exe", "outpost.exe", "outpostinstall.exe", 
"outpostproinstall.exe", "paamsrv.exe", "padmin.exe", "pagent.exe", "pagentwd.exe", "panixk.exe", "patch.exe", "pavbckpt.exe", "pavcl.exe", "pavfires.exe", "pavfnsvr.exe", "pavjobs.exe", "pavkre.exe", "pavmail.exe", "pavprot.exe", "pavproxy.exe", "pavprsrv.exe", "pavsched.exe", "pavsrv50.exe", "pavsrv51.exe", "pavsrv52.exe", "pavupg.exe", "pavw.exe", "pccNT.exe", "pccclient.exe", "pccguide.exe", "pcclient.exe", "pccnt.exe", "pccntmon.exe", "pccntupd.exe", "pccpfw.exe", "pcctlcom.exe", "pccwin98.exe", "pcfwallicon.exe", "pcip10117_0.exe", "pcscan.exe", "pctsAuxs.exe", "pctsGui.exe", "pctsSvc.exe", "pctsTray.exe", "pdsetup.exe", "pep.exe", "periscope.exe", "persfw.exe", "perswf.exe", "pf2.exe", "pfwadmin.exe", "pgmonitr.exe", "pingscan.exe", "platin.exe", "pmon.exe", "pnmsrv.exe", "pntiomon.exe", "pop3pack.exe", "pop3trap.exe", "poproxy.exe", "popscan.exe", "portdetective.exe", "portmonitor.exe", "powerscan.exe", "ppinupdt.exe", "ppmcativedetection.exe", "pptbc.exe", "ppvstop.exe", "pqibrowser.exe", "pqv2isvc.exe", "prevsrv.exe", "prizesurfer.exe", "prmt.exe", "prmvr.exe", "programauditor.exe", "proport.exe", "protectx.exe", "psctris.exe", "psh_svc.exe", "psimreal.exe", "psimsvc.exe", "pskmssvc.exe", "pspf.exe", "purge.exe", "pview.exe", "pviewer.exe", "pxemtftp.exe", "pxeservice.exe", "qclean.exe", "qconsole.exe", "qdcsfs.exe", "qoeloader.exe", "qserver.exe", "rapapp.exe", "rapuisvc.exe", "ras.exe", "rasupd.exe", "rav7.exe", "rav7win.exe", "rav8win32eng.exe", "ravmon.exe", "ravmond.exe", "ravstub.exe", "ravxp.exe", "ray.exe", "rb32.exe", "rcsvcmon.exe", "rcsync.exe", "realmon.exe", "reged.exe", "remupd.exe", "reportsvc.exe", "rescue.exe", "rescue32.exe", "rfwmain.exe", "rfwproxy.exe", "rfwsrv.exe", "rfwstub.exe", "rnav.exe", "rrguard.exe", "rshell.exe", "rsnetsvr.exe", "rstray.exe", "rtvscan.exe", "rtvscn95.exe", "rulaunch.exe", "saHookMain.exe", "safeboxtray.exe", "safeweb.exe", "sahagent.exescan32.exe", "sav32cli.exe", "save.exe", "savenow.exe", "savroam.exe", 
"savscan.exe", "savservice.exe", "sbserv.exe", "scam32.exe", "scan32.exe", "scan95.exe", "scanexplicit.exe", "scanfrm.exe", "scanmailoutlook.exe", "scanpm.exe", "schdsrvc.exe", "schupd.exe", "scrscan.exe", "seestat.exe", "serv95.exe", "setloadorder.exe", "setup_flowprotector_us.exe", "setupguimngr.exe", "setupvameeval.exe", "sfc.exe", "sgssfw32.exe", "sh.exe", "shellspyinstall.exe", "shn.exe", "showbehind.exe", "shstat.exe", "siteadv.exe", "smOutlookPack.exe", "smc.exe", "smoutlookpack.exe", "sms.exe", "smsesp.exe", "smss32.exe", "sndmon.exe", "sndsrvc.exe", "soap.exe", "sofi.exe", "softManager.exe", "spbbcsvc.exe", "spf.exe", "sphinx.exe", "spideragent.exe", "spiderml.exe", "spidernt.exe", "spiderui.exe", "spntsvc.exe", "spoler.exe", "spoolcv.exe", "spoolsv32.exe", "spyxx.exe", "srexe.exe", "srng.exe", "srvload.exe", "srvmon.exe", "ss3edit.exe", "sschk.exe", "ssg_4104.exe", "ssgrate.exe", "st2.exe", "stcloader.exe", "stinger.exe", "stopp.exe", "stwatchdog.exe", "supftrl.exe", "support.exe", "supporter5.exe", "svcGenericHost", "svcharge.exe", "svchostc.exe", "svchosts.exe", "svcntaux.exe", "svdealer.exe", "svframe.exe", "svtray.exe", "swdsvc.exe", "sweep95.exe", "sweepnet.sweepsrv.sys.swnetsup.exe", "sweepsrv.exe", "swnetsup.exe", "swnxt.exe", "swserver.exe", "symlcsvc.exe", "symproxysvc.exe", "symsport.exe", "symtray.exe", "symwsc.exe", "sysdoc32.exe", "sysedit.exe", "sysupd.exe", "taskmo.exe", "taumon.exe", "tbmon.exe", "tbscan.exe", "tc.exe", "tca.exe", "tclproc.exe", "tcm.exe", "tdimon.exe", "tds-3.exe", "tds2-98.exe", "tds2-nt.exe", "teekids.exe", "tfak.exe", "tfak5.exe", "tgbob.exe", "titanin.exe", "titaninxp.exe", "tmas.exe", "tmlisten.exe", "tmntsrv.exe", "tmpfw.exe", "tmproxy.exe", "tnbutil.exe", "tpsrv.exe", "tracesweeper.exe", "trickler.exe", "trjscan.exe", "trjsetup.exe", "trojantrap3.exe", "trupd.exe", "tsadbot.exe", "tvmd.exe", "tvtmd.exe", "udaterui.exe", "undoboot.exe", "unvet32.exe", "updat.exe", "updtnv28.exe", "upfile.exe", "upgrad.exe", 
"uplive.exe", "urllstck.exe", "usergate.exe", "usrprmpt.exe", "utpost.exe", "v2iconsole.exe", "v3clnsrv.exe", "v3exec.exe", "v3imscn.exe", "vbcmserv.exe", "vbcons.exe", "vbust.exe", "vbwin9x.exe", "vbwinntw.exe", "vcsetup.exe", "vet32.exe", "vet95.exe", "vetmsg.exe", "vettray.exe", "vfsetup.exe", "vir-help.exe", "virusmdpersonalfirewall.exe", "vnlan300.exe", "vnpc3000.exe", "vpatch.exe", "vpc32.exe", "vpc42.exe", "vpfw30s.exe", "vprosvc.exe", "vptray.exe", "vrv.exe", "vrvmail.exe", "vrvmon.exe", "vrvnet.exe", "vscan40.exe", "vscenu6.02d30.exe", "vsched.exe", "vsecomr.exe", "vshwin32.exe", "vsisetup.exe", "vsmain.exe", "vsmon.exe", "vsserv.exe", "vsstat.exe", "vstskmgr.exe", "vswin9xe.exe", "vswinntse.exe", "vswinperse.exe", "w32dsm89.exe", "w9x.exe", "watchdog.exe", "webdav.exe", "webproxy.exe", "webscanx.exe", "webtrap.exe", "webtrapnt.exe", "wfindv32.exe", "wfxctl32.exe", "wfxmod32.exe", "wfxsnt40.exe", "whoswatchingme.exe", "wimmun32.exe", "win-bugsfix.exe", "winactive.exe", "winmain.exe", "winnet.exe", "winppr32.exe", "winrecon.exe", "winroute.exe", "winservn.exe", "winssk32.exe", "winstart.exe", "winstart001.exe", "wintsk32.exe", "winupdate.exe", "wkufind.exe", "wnad.exe", "wnt.exe", "wradmin.exe", "wrctrl.exe", "wsbgate.exe", "wssfcmai.exe", "wupdater.exe", "wupdt.exe", "wyvernworksfirewall.exe", "xagt.exe", "xagtnotif.exe", "xcommsvr.exe", "xfilter.exe", "xpf202en.exe", "zanda.exe", "zapro.exe", "zapsetup3001.exe", "zatutor.exe", "zhudongfangyu.exe", "zlclient.exe", "zlh.exe", "zonalm2601.exe", "zonealarm.exe"); 13 | @av2 = @("D_Safe_Manage.exe", "d_manage.exe", "PC.exe", "yunsuo_agent_service.exe", "yunsuo_agent_daemon.exe", "gov_defence_daemon.exe", "gov_defence_service.exe", "AliYunDun.exe", "AliYunDunUpdate.exe", "aliyun_assist_service.exe", "360WebSafe.exe", "QHSrv.exe", "QHWebshellGuard.exe", "CloudHelper.exe", "SafeDogTray.exe", "SafeDogGuardCenter.exe", "SafeDogUpdateCenter.exe", "SafeDogSiteApache.exe", "SafeDogSiteIIS.exe", "SafeDogServerUI.exe", 
"hws.exe", "hwsd.exe", "hws_ui.exe", "HwsPanel.exe", "HipsDaemon.exe", "HipsTray.exe", "HipsLog.exe", "HipsMain.exe", "usysdiag.exe", "wsctrl.exe", "QQPCRTP.exe", "QQPCTray.exe", "QQPCNetFlow.exe", "QQPCRealTimeSpeedup.exe", "360sd.exe", "360rp.exe", "360Safe.exe", "360tray.exe", "LiveUpdate360.exe", "zhudongfangyu.exe", "safeboxTray", "360safebox.exe", "360skylarsvc.exe", "SavMain.exe", "SavProgress.exe", "mbam.exe", "mbamtray.exe", "MBAMService.exe", "TMBMSRV.exe", "ntrtscan.exe", "VsTskMgr.exe", "McShield.exe", "mfevtps.exe", "mfeann.exe", "Tbmon.exe", "shstat.exe", "McTray.exe", "UdaterUI.exe", "naPrdMgr.exe", "EngineServer.exe", "FrameworkService.exe", "AVK.exe", "GDScan.exe", "AVKWCtl.exe", "AVKCl.exe", "AVKProxy.exe", "AVKBackupService.exe", "ccEvtMgr.exe", "ccSetMgr.exe", "ccsvchst.exe", "rtvscan.exe", "smc.exe", "smcGui.exe", "snac.exe", "SymCorpUI.exe", "MsMpEng.exe", "NisSrv.exe", "MsSense.exe", "msseces.exe", "MpCmdRun.exe", "MSASCui.exe", "MSASCuiL.exe", "SecurityHealthService.exe", "avp.exe", "kavfs.exe", "klnagent.exe", "kavtray.exe", "kavfswp.exe", "ekrn.exe", "egui.exe", "EShaSrv.exe", "eguiProxy.exe", "avg.exe", "avgwdsvc.exe", "AvastUI.exe", "ashDisp.exe", "ClamTray.exe", "clamscan.exe", "avcenter.exe", "avguard.exe", "avgnt.exe", "sched.exe", "bddownloader.exe", "baiduSafeTray.exe", "baiduansvx.exe", "BaiduSd.exe", "BaiduSdSvc.exe", "BaiduSdTray.exe", "F-PROT.exe", "vba32lder.exe", "K7TSecurity.exe", "iptray.exe", "CMCTrayIcon.exe", "BKavService.exe", "nspupsvc.exe", "a2guard.exe", "ad-watch.exe", "UnThreat.exe", "PSafeSysTray.exe", "patray.exe", "V3Svc.exe", "cleaner8.exe", "MongoosaGUI.exe", "secenter.exe", "AYAgent.exe", "ksafe.exe", "KvMonXP.exe", "RavMon.exe", "RavMonD.exe", "kxescore.exe", "kupdata.exe", "kxetray.exe", "kwsprotect64.exe", "KSafeTray.exe", "knsdtray.exe", "SBAMSvc.exe", "remupd.exe", "spidernt.exe", "QUHLPSVC.exe", "fsavgui.exe", "f-secure.exe", "ArcaTasksService.exe", "vsserv.exe", "AVWatchService.exe", "ns.exe", 
"ccapp.exe", "vptray.exe", "NPFMntor.exe", "ccRegVfy.exe", "SNDSrvc.exe", "SPBBCSvc.exe", "symlcsvc.exe", "CorantiControlCenter32.exe", "CKSoftShiedAntivirus4.exe", "SpywareTerminatorShield.exe", "USBKiller.exe", "AST.exe", "FortiTray.exe", "GG.exe", "adam.exe", "kpfwtray.exe", "beikesan.exe", "parmor.exe", "Iparmor.exe", "KSWebShield.exe", "TrojanHunter.exe", "WEBSCANX.EXE", "ananwidget.exe", "pfw.exe", "cfp.exe", "MPMon.exe", "rfwmain.exe", "SPHINX.EXE", "vsmon.exe", "FYFireWall.exe", "acs.exe", "outpost.exe"); 14 | @admin = @("Code.exe", "notepad++.exe", "notepad.exe", "cmd.exe", "drwatson.exe", "DRWTSN32.EXE", "drwtsn32.exe", "dumpcap.exe", "ethereal.exe", "filemon.exe", "idag.exe", "idaw.exe", "k1205.exe", "loader32.exe", "netmon.exe", "netstat.exe", "netxray.exe", "NmWebService.exe", "nukenabber.exe", "portmon.exe", "powershell.exe", "PRTG Traffic Gr.exe", "PRTG Traffic Grapher.exe", "prtgwatchdog.exe", "putty.exe", "regmon.exe", "SystemEye.exe", "taskman.exe", "TASKMGR.EXE", "tcpview.exe", "Totalcmd.exe", "TrafMonitor.exe", "windbg.exe", "winobj.exe", "wireshark.exe", "WMonAvNScan.exe", "WMonAvScan.exe", "WMonSrv.exe","regedit.exe", "regedit32.exe", "accesschk.exe", "accesschk64.exe", "AccessEnum.exe", "ADExplorer.exe", "ADInsight.exe", "adrestore.exe", "Autologon.exe", "Autoruns.exe", "Autoruns64.exe", "autorunsc.exe", "autorunsc64.exe", "Bginfo.exe", "Bginfo64.exe", "Cacheset.exe", "Clockres.exe", "Clockres64.exe", "Contig.exe", "Contig64.exe", "Coreinfo.exe", "ctrl2cap.exe", "Dbgview.exe", "Desktops.exe", "disk2vhd.exe", "diskext.exe", "diskext64.exe", "Diskmon.exe", "DiskView.exe", "du.exe", "du64.exe", "efsdump.exe", "FindLinks.exe", "FindLinks64.exe", "handle.exe", "handle64.exe", "hex2dec.exe", "hex2dec64.exe", "junction.exe", "junction64.exe", "ldmdump.exe", "Listdlls.exe", "Listdlls64.exe", "livekd.exe", "livekd64.exe", "LoadOrd.exe", "LoadOrd64.exe", "LoadOrdC.exe", "LoadOrdC64.exe", "logonsessions.exe", "logonsessions64.exe", "movefile.exe", 
"movefile64.exe", "notmyfault.exe", "notmyfault64.exe", "notmyfaultc.exe", "notmyfaultc64.exe", "ntfsinfo.exe", "ntfsinfo64.exe", "pagedfrg.exe", "pendmoves.exe", "pendmoves64.exe", "pipelist.exe", "pipelist64.exe", "portmon.exe", "procdump.exe", "procdump64.exe", "procexp.exe", "procexp64.exe", "Procmon.exe", "PsExec.exe", "PsExec64.exe", "psfile.exe", "psfile64.exe", "PsGetsid.exe", "PsGetsid64.exe", "PsInfo.exe", "PsInfo64.exe", "pskill.exe", "pskill64.exe", "pslist.exe", "pslist64.exe", "PsLoggedon.exe", "PsLoggedon64.exe", "psloglist.exe", "pspasswd.exe", "pspasswd64.exe", "psping.exe", "psping64.exe", "PsService.exe", "PsService64.exe", "psshutdown.exe", "pssuspend.exe", "pssuspend64.exe", "RAMMap.exe", "RegDelNull.exe", "RegDelNull64.exe", "regjump.exe", "ru.exe", "ru64.exe", "sdelete.exe", "sdelete64.exe", "ShareEnum.exe", "ShellRunas.exe", "sigcheck.exe", "sigcheck64.exe", "streams.exe", "streams64.exe", "strings.exe", "strings64.exe", "sync.exe", "sync64.exe", "Sysmon.exe", "Sysmon64.exe", "Tcpvcon.exe", "Tcpview.exe", "Testlimit.exe", "Testlimit64.exe", "vmmap.exe", "Volumeid.exe", "Volumeid64.exe", "whois.exe", "whois64.exe", "Winobj.exe", "ZoomIt.exe"); 15 | 16 | #Arsenii: @final_ps is going to be our final array, we are going to build it as we figure out all child-parent relationships 17 | # temp_ps is going to be a temp array 18 | # reverse array is used to append children starting with the lowest pid 19 | # had to declare those global since we need to access those from within some functions we are going to declare 20 | global('@ps @final_ps @reverse_ps @temp_ps'); 21 | local('$outps $temp $name $ppid $pid $arch $user $session'); 22 | $outps .= "\cC[*]\o Process List with process highlighting\n"; 23 | $outps .= "\cC[*]\o Current Running PID: \c8 Yellow ". $bd['pid'] ." 
\o \n"; 24 | $outps .= "\cC[*]\o Explorer/Winlogon: \c2 BLUE \o \n"; 25 | $outps .= "\cC[*]\o Admin Tools: \cB LIGHT BLUE \o \n"; 26 | $outps .= "\cC[*]\o Browsers: \c3 GREEN \o \n"; 27 | $outps .= "\cC[*]\o AV/EDR/WAF: \c4 RED \o \n\n"; 28 | $outps .= " PID PPID Name Arch Session User\n"; 29 | $outps .= "\cE --- ---- ---- ---- ------- ----\n"; 30 | 31 | foreach $temp (split("\n", ["$2" trim])) { 32 | ($name, $ppid, $pid, $arch, $user, $session) = split("\t", $temp); 33 | 34 | # highlight AV processes in RED. 35 | if(iff($name in @av,true,false)) { 36 | push(@ps, %(pid => $pid, ppid => $ppid, pid_formatted => "$[5]pid", ppid_formatted => "$[5]ppid", color => "\c4", name => $name, arch => "$[5]arch", session => "$[11]session", user => $user)); 37 | } 38 | 39 | # highlight AV processes in RED. 40 | else if (iff($name in @av1,true,false)) { 41 | push(@ps, %(pid => $pid, ppid => $ppid, pid_formatted => "$[5]pid", ppid_formatted => "$[5]ppid", color => "\c4", name => $name, arch => "$[5]arch", session => "$[11]session", user => $user)); 42 | } 43 | 44 | # highlight AV/WAF processes in RED. 
45 | else if (iff($name in @av2,true,false)) { 46 | push(@ps, %(pid => $pid, ppid => $ppid, pid_formatted => "$[5]pid", ppid_formatted => "$[5]ppid", color => "\c4", name => $name, arch => "$[5]arch", session => "$[11]session", user => $user)); 47 | } 48 | 49 | # highlight explorer , winlogon in BLUE 50 | else if ($name eq "explorer.exe" || $name eq "winlogon.exe") { 51 | push(@ps, %(pid => $pid, ppid => $ppid, pid_formatted => "$[5]pid", ppid_formatted => "$[5]ppid", color => "\c2", name => $name, arch => "$[5]arch", session => "$[11]session", user => $user)); 52 | } 53 | 54 | # highlight browsers processes in GREEN 55 | else if ($name eq "chrome.exe" || $name eq "firefox.exe" || $name eq "iexplore.exe" || $name eq "MicrosoftEdgeCP.exe") { 56 | push(@ps, %(pid => $pid, ppid => $ppid, pid_formatted => "$[5]pid", ppid_formatted => "$[5]ppid", color => "\c3", name => $name, arch => "$[5]arch", session => "$[11]session", user => $user)); 57 | } 58 | 59 | # highlight Admin Tools in Light Blue 60 | # Arsenii: small bug fix to not include if this is our beacon PID 61 | else if(iff($name in @admin && $pid != $bd['pid'],true,false)) { 62 | push(@ps, %(pid => $pid, ppid => $ppid, pid_formatted => "$[5]pid", ppid_formatted => "$[5]ppid", color => "\cB", name => $name, arch => "$[5]arch", session => "$[11]session", user => $user)); 63 | } 64 | 65 | # highlight current process in YELLOW 66 | else if ($pid == $bd['pid']) { 67 | push(@ps, %(pid => $pid, ppid => $ppid, pid_formatted => "$[5]pid", ppid_formatted => "$[5]ppid", color => "\c8", name => $name, arch => "$[5]arch", session => "$[11]session", user => $user)); 68 | } 69 | 70 | else { 71 | push(@ps, %(pid => $pid, ppid => $ppid, pid_formatted => "$[5]pid", ppid_formatted => "$[5]ppid", color => "", name => $name, arch => "$[5]arch", session => "$[11]session", user => $user)); 72 | } 73 | } 74 | 75 | # sort the processes please 76 | sort({ return $1['pid'] <=> $2['pid']; }, @ps); 77 | 78 | # get the @ps array in a reverse 
order for the ascending child sorting order 79 | @reverse_ps = reverse(@ps); 80 | 81 | 82 | # this function will find all orphan processes and add them to the final_ps. Those will be in the root of the process tree 83 | sub buildOrphanage{ 84 | for ($counter4 = 0; $counter4 < size($1); $counter4++){ 85 | $orphan = true; 86 | 87 | for ($counter5 = 0; $counter5 < size($1); $counter5++){ 88 | if ($1[$counter4]['ppid'] == $1[$counter5]['pid']){ 89 | $orphan = false; 90 | break; 91 | } 92 | } 93 | 94 | # PID zero - it's gotta be an orphan, poor kid 95 | if ($1[$counter4]['pid'] == 0){ 96 | $orphan = true; 97 | } 98 | 99 | 100 | if ($orphan == true){ 101 | #set indentation and push to the @final_ps 102 | $1[$counter4]['indent'] = ""; 103 | push($2, $1[$counter4]); 104 | } 105 | } 106 | } 107 | 108 | # finds an index of a given PID in the array 109 | sub findArrayElement{ 110 | foreach $index => $value ($1){ 111 | if ($1[$index]['pid'] == $2){ 112 | return $index; 113 | } 114 | } 115 | return $null; 116 | } 117 | 118 | # adds parent and all of its children to a temp_ps which then being copied into a final_ps 119 | sub addChildrenProcesses{ 120 | # for every parent in the current final_ps 121 | foreach $parent ($2){ 122 | 123 | # check if that parent is already there 124 | $arrayIndex = findArrayElement($1, $parent['pid']); 125 | 126 | # if the parent is not there - add it first 127 | if ($arrayIndex == $null){ 128 | #add the parent first 129 | push($1, $parent); 130 | 131 | # update arrayIndex for children to follow 132 | $arrayIndex = size($1) - 1; 133 | } 134 | 135 | #now find all the children of the process and insert those right under the parent 136 | foreach $potentialChild ($3){ 137 | if ($potentialChild['ppid'] == $parent['pid'] && $potentialChild['ppid'] != $potentialChild['pid']){ 138 | $potentialChild['indent'] = $parent['indent'] . 
" "; 139 | add($1, $potentialChild, $arrayIndex + 1); 140 | } 141 | } 142 | } 143 | # update @final_ps 144 | $2 = copy($1); 145 | # clear temp_ps 146 | clear($1); 147 | } 148 | 149 | buildOrphanage(@ps, @final_ps); 150 | 151 | # until @final_ps is not going to be the same size as @ps, keep adding children 152 | # WARNING: if something doesn't work correctly (variable scope??) this will create an infinite loop with Cobalt Strike hanging itself 153 | while (size(@final_ps) < size(@ps)){ 154 | addChildrenProcesses(@temp_ps, @final_ps, @reverse_ps); 155 | $final_ps_size = size(@final_ps); 156 | } 157 | 158 | 159 | # in case of an infinite loop, this can be used to debug 160 | # for ($counter1 = 0; $counter1 < 10; $counter1++){ 161 | # addChildrenProcesses(@temp_ps, @final_ps, @reverse_ps); 162 | 163 | # } 164 | 165 | # append to our outstring 166 | foreach $temp (@final_ps) { 167 | # for some reason this was the best way to format that string 168 | $temp_name = $temp['indent'] . $temp['name']; 169 | 170 | $outps .= "$temp['color'] $temp['pid_formatted'] $temp['ppid_formatted'] $[38]temp_name $temp['arch'] $temp['session'] $temp['user']\o\n"; 171 | } 172 | 173 | # clear these arrays since for some reason they persist after each aggressor script run 174 | clear(@final_ps); 175 | clear(@ps); 176 | 177 | return $outps; 178 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Antivirus-detection 2 | * 程序源码用的[@r00tSe7en](#)老哥的“get_AV”项目。 3 | * 原项目地址:https://github.com/r00tSe7en/get_AV 4 | * 进程数据来源:[@r00tSe7en](https://github.com/r00tSe7en)、[@NS-Sp4ce](https://github.com/NS-Sp4ce)、[@3had0w](https://github.com/3had0w)、[@gh0stkey](https://github.com/gh0stkey/avList)。 5 | * 其他类似项目:https://github.com/uknowsec/SharpAVKB 6 | 7 | 随手写了个批处理,不过存在一定漏报,因为用qprocess的缺陷就是进程名称过长后便无法查到! 
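8 | * 清理痕迹:C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content 9 | 10 | ![Antivirus](./Antivirus.png "Antivirus") 11 | -------------------------------------------------------------------------------- /SharpAV/Program-1.cs: --------------------------------------------------------------------------------
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Text;
using System.Text.RegularExpressions;

namespace SharpAV
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine(@""+"\r");
            AVDetection();
        }

        /// <summary>
        /// Prints one "image-name description" line for every running process whose
        /// image name is in the built-in AV / EDR / WAF table.
        /// </summary>
        /// <remarks>
        /// The process list is taken in-process from <see cref="Process.GetProcesses"/>
        /// instead of spawning "cmd.exe" and typing "tasklist /svc" into it, as the
        /// previous version did. That removes the SharpAV.exe -> cmd.exe -> tasklist.exe
        /// child-process chain (cheap for endpoint telemetry to flag), it is not subject
        /// to tasklist's table output truncating long image names (table keys such as
        /// "coranticontrolcenter32.exe" or "spywareterminatorshield.exe" are longer than
        /// the column and could never match), and it replaces a substring search over the
        /// whole tasklist text - where the key "ns.exe" also matched "dns.exe" - with an
        /// exact, case-insensitive comparison of the image name.
        /// </remarks>
        public static void AVDetection()
        {
            Dictionary<string, string> av_list = BuildAvList();

            Console.WriteLine("ProcessName" + " " + "Description");
            Console.WriteLine("-----------" + " " + "-----------");

            foreach (KeyValuePair<string, string> hit in FindMatches(av_list, RunningImageNames()))
            {
                Console.WriteLine(hit.Key + " " + hit.Value);
            }
        }

        /// <summary>
        /// Returns the entries of <paramref name="avList"/> whose key names one of
        /// <paramref name="runningNames"/>, in the table's own insertion order.
        /// </summary>
        /// <param name="avList">Image name (with or without ".exe") mapped to a product description.</param>
        /// <param name="runningNames">
        /// Image names of running processes, with or without the ".exe" extension
        /// (<see cref="Process.ProcessName"/> reports them without it). Null is treated as empty.
        /// </param>
        /// <returns>The matching key/value pairs; empty when nothing matches.</returns>
        public static List<KeyValuePair<string, string>> FindMatches(
            Dictionary<string, string> avList, IEnumerable<string> runningNames)
        {
            // Case-insensitive so that a lower-case table key matches the mixed-case
            // name Windows reports (e.g. "MsMpEng" vs "msmpeng.exe").
            HashSet<string> running = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            if (runningNames != null)
            {
                foreach (string name in runningNames)
                {
                    if (string.IsNullOrEmpty(name))
                    {
                        continue;
                    }
                    running.Add(name);
                    // Index both spellings: the table mostly carries ".exe" keys but has
                    // at least one without it ("safeboxtray"), and ProcessName has none.
                    if (name.EndsWith(".exe", StringComparison.OrdinalIgnoreCase))
                    {
                        running.Add(name.Substring(0, name.Length - 4));
                    }
                    else
                    {
                        running.Add(name + ".exe");
                    }
                }
            }

            List<KeyValuePair<string, string>> hits = new List<KeyValuePair<string, string>>();
            foreach (KeyValuePair<string, string> kvp in avList)
            {
                // Whole-name comparison only: no substring hits across other names.
                if (running.Contains(kvp.Key))
                {
                    hits.Add(kvp);
                }
            }
            return hits;
        }

        /// <summary>
        /// Image names (without extension, as <see cref="Process.ProcessName"/> reports them)
        /// of every process in the local process list.
        /// </summary>
        private static List<string> RunningImageNames()
        {
            List<string> names = new List<string>();
            foreach (Process p in Process.GetProcesses())
            {
                // Each Process holds a handle; release it as soon as the name is copied out.
                using (p)
                {
                    names.Add(p.ProcessName);
                }
            }
            return names;
        }

        /// <summary>
        /// The built-in table of security-product image names (lower case) and the
        /// product each belongs to. Kept verbatim from the original list.
        /// </summary>
        private static Dictionary<string, string> BuildAvList()
        {
            Dictionary<string, string> av_list = new Dictionary<string, string>();
            av_list.Add("d_safe_manage.exe", "d盾");
            av_list.Add("d_manage.exe", "d盾");
            av_list.Add("pc.exe", "云锁客户端");
            av_list.Add("yunsuo_agent_service.exe", "云锁服务端");
            av_list.Add("yunsuo_agent_daemon.exe", "云锁服务端");
            av_list.Add("gov_defence_daemon.exe", "govdefence(网防g01)");
            av_list.Add("gov_defence_service.exe", "govdefence(网防g01)");
            av_list.Add("aliyundun.exe", "阿里云盾");
            av_list.Add("aliyundunupdate.exe", "阿里云盾");
            av_list.Add("aliyun_assist_service.exe", "阿里云盾");
            av_list.Add("360websafe.exe", "360主机卫士");
            av_list.Add("qhsrv.exe", "360主机卫士");
            av_list.Add("qhwebshellguard.exe", "360主机卫士");
            av_list.Add("cloudhelper.exe", "安全狗");
            av_list.Add("safedogtray.exe", "安全狗");
            av_list.Add("safedogguardcenter.exe", "安全狗");
            av_list.Add("safedogupdatecenter.exe", "安全狗");
            av_list.Add("safedogsiteapache.exe", "网站安全狗(apache)");
            av_list.Add("safedogsiteiis.exe", "网站安全狗(iis)");
            av_list.Add("safedogserverui.exe", "服务器安全狗");
            av_list.Add("hws.exe", "护卫神·入侵防护系统");
            av_list.Add("hwsd.exe", "护卫神·入侵防护系统");
            av_list.Add("hws_ui.exe", "护卫神·入侵防护系统");
            av_list.Add("hwspanel.exe", "护卫神·入侵防护系统");
            av_list.Add("hipsdaemon.exe", "火绒安全软件");
            av_list.Add("hipstray.exe", "火绒安全软件");
            av_list.Add("hipslog.exe", "火绒安全软件");
            av_list.Add("hipsmain.exe", "火绒安全软件");
            av_list.Add("usysdiag.exe", "火绒安全软件");
            av_list.Add("wsctrl.exe", "火绒安全软件");
            av_list.Add("qqpcrtp.exe", "腾讯电脑管家");
            av_list.Add("qqpctray.exe", "腾讯电脑管家");
            av_list.Add("qqpcnetflow.exe", "腾讯电脑管家");
            av_list.Add("qqpcrealtimespeedup.exe", "腾讯电脑管家");
            av_list.Add("360sd.exe", "360杀毒");
            av_list.Add("360rp.exe", "360杀毒");
            av_list.Add("360safe.exe", "360安全卫士");
            av_list.Add("360tray.exe", "360实时保护");
            av_list.Add("liveupdate360.exe", "360更新程序");
            av_list.Add("zhudongfangyu.exe", "360主动防御");
            av_list.Add("safeboxtray", "360保险箱保护程序");
            av_list.Add("360safebox.exe", "360保险箱主程序");
            av_list.Add("360skylarsvc.exe", "360天擎终端安全管理系统");
            av_list.Add("savmain.exe", "sophos杀毒");
            av_list.Add("savprogress.exe", "sophos杀毒");
            av_list.Add("mbam.exe", "malwarebytes杀毒");
            av_list.Add("mbamtray.exe", "malwarebytes杀毒");
            av_list.Add("mbamservice.exe", "malwarebytes杀毒");
            av_list.Add("tmbmsrv.exe", "pc-cillin趋势反病毒");
            av_list.Add("ntrtscan.exe", "pc-cillin趋势反病毒");
            av_list.Add("vstskmgr.exe", "mcafee(麦咖啡)");
            av_list.Add("mcshield.exe", "mcafee(麦咖啡)");
            av_list.Add("mfevtps.exe", "mcafee(麦咖啡)");
            av_list.Add("mfeann.exe", "mcafee(麦咖啡)");
            av_list.Add("tbmon.exe", "mcafee(麦咖啡)");
            av_list.Add("shstat.exe", "mcafee(麦咖啡)");
            av_list.Add("mctray.exe", "mcafee(麦咖啡)");
            av_list.Add("udaterui.exe", "mcafee(麦咖啡)");
            av_list.Add("naprdmgr.exe", "mcafee(麦咖啡)");
            av_list.Add("engineserver.exe", "mcafee(麦咖啡)");
            av_list.Add("frameworkservice.exe", "mcafee(麦咖啡)");
            av_list.Add("avk.exe", "gdata安全防护软件");
            av_list.Add("gdscan.exe", "gdata安全防护软件");
            av_list.Add("avkwctl.exe", "gdata安全防护软件");
            av_list.Add("avkcl.exe", "gdata安全防护软件");
            av_list.Add("avkproxy.exe", "gdata安全防护软件");
            av_list.Add("avkbackupservice.exe", "gdata安全防护软件");
            av_list.Add("ccevtmgr.exe", "symantec(赛门铁克)");
            av_list.Add("ccsetmgr.exe", "symantec(赛门铁克)");
            av_list.Add("ccsvchst.exe", "symantec(赛门铁克) 或 norton(诺顿杀毒)");
            av_list.Add("rtvscan.exe", "symantec(赛门铁克) 或 norton(诺顿杀毒)");
            av_list.Add("smc.exe", "symantec(赛门铁克)");
            av_list.Add("smcgui.exe", "symantec(赛门铁克)");
            av_list.Add("snac.exe", "symantec(赛门铁克)");
            av_list.Add("symcorpui.exe", "symantec(赛门铁克)");
            av_list.Add("msmpeng.exe", "windows defender");
            av_list.Add("nissrv.exe", "windows defender");
            av_list.Add("mssense.exe", "windows defender");
            av_list.Add("msseces.exe", "windows defender");
            av_list.Add("mpcmdrun.exe", "windows defender");
            av_list.Add("msascui.exe", "windows defender");
            av_list.Add("msascuil.exe", "windows defender");
            av_list.Add("securityhealthservice.exe", "windows defender");
            av_list.Add("avp.exe", "kaspersky(卡巴斯基)");
            av_list.Add("kavfs.exe", "kaspersky(卡巴斯基)");
            av_list.Add("klnagent.exe", "kaspersky(卡巴斯基)");
            av_list.Add("kavtray.exe", "kaspersky(卡巴斯基)");
            av_list.Add("kavfswp.exe", "kaspersky(卡巴斯基)");
            av_list.Add("ekrn.exe", "eset nod32防毒");
            av_list.Add("egui.exe", "eset nod32防毒");
            av_list.Add("eshasrv.exe", "eset nod32防毒");
            av_list.Add("eguiproxy.exe", "eset nod32防毒");
            av_list.Add("avg.exe", "avg杀毒");
            av_list.Add("avgwdsvc.exe", "avg杀毒");
            av_list.Add("avastui.exe", "avast!5主程序");
            av_list.Add("ashdisp.exe", "avast网络安全");
            av_list.Add("clamtray.exe", "clemwin free antivirus");
            av_list.Add("clamscan.exe", "clemwin free antivirus");
            av_list.Add("avcenter.exe", "avira(小红伞)");
            av_list.Add("avguard.exe", "avira(小红伞)");
            av_list.Add("avgnt.exe", "avira(小红伞)");
            av_list.Add("sched.exe", "avira(小红伞)");
            av_list.Add("bddownloader.exe", "百度卫士");
            av_list.Add("baidusafetray.exe", "百度卫士");
            av_list.Add("baiduansvx.exe", "百度卫士-主进程");
            av_list.Add("baidusd.exe", "百度杀毒-主程序");
            av_list.Add("baidusdsvc.exe", "百度杀毒-服务进程");
            av_list.Add("baidusdtray.exe", "百度杀毒-托盘进程");
            av_list.Add("f-prot.exe", "f-prot杀毒");
            av_list.Add("vba32lder.exe", "vb32杀毒");
            av_list.Add("k7tsecurity.exe", "k7杀毒");
            av_list.Add("iptray.exe", "immunet杀毒");
            av_list.Add("cmctrayicon.exe", "cmc杀毒");
            av_list.Add("bkavservice.exe", "bkav杀毒");
            av_list.Add("nspupsvc.exe", "nprotect杀毒");
            av_list.Add("a2guard.exe", "a-squared杀毒");
            av_list.Add("ad-watch.exe", "lavasoft杀毒");
            av_list.Add("unthreat.exe", "unthreat杀毒");
            av_list.Add("psafesystray.exe", "psafe反病毒");
            av_list.Add("patray.exe", "ahnlab安博士杀毒");
            av_list.Add("v3svc.exe", "ahnlab安博士v3杀毒");
            av_list.Add("cleaner8.exe", "the cleaner杀毒");
            av_list.Add("mongoosagui.exe", "mongoosa杀毒");
            av_list.Add("secenter.exe", "bitdefender杀毒");
            av_list.Add("ayagent.exe", "alyac韩国胶囊杀毒");
            av_list.Add("ksafe.exe", "金山卫士");
            av_list.Add("kvmonxp.exe", "江民杀毒");
            av_list.Add("ravmon.exe", "瑞星杀毒");
            av_list.Add("ravmond.exe", "瑞星杀毒");
            av_list.Add("kxescore.exe", "金山毒霸");
            av_list.Add("kupdata.exe", "金山毒霸");
            av_list.Add("kxetray.exe", "金山毒霸");
            av_list.Add("kwsprotect64.exe", "金山毒霸");
            av_list.Add("ksafetray.exe", "金山卫士");
            av_list.Add("knsdtray.exe", "可牛杀毒");
            av_list.Add("sbamsvc.exe", "vipre杀毒");
            av_list.Add("remupd.exe", "熊猫卫士杀毒");
            av_list.Add("spidernt.exe", "dr.web杀毒");
            av_list.Add("quhlpsvc.exe", "quickheal杀毒");
            av_list.Add("fsavgui.exe", "f-secure冰岛杀毒");
            av_list.Add("f-secure.exe", "f-secure冰岛杀毒");
            av_list.Add("arcatasksservice.exe", "arcavir杀毒");
            av_list.Add("vsserv.exe", "bitdefender比特梵德杀毒");
            av_list.Add("avwatchservice.exe", "virusfighter杀毒");
            av_list.Add("ns.exe", "norton诺顿杀毒");
            av_list.Add("ccapp.exe", "norton诺顿杀毒");
            av_list.Add("vptray.exe", "norton病毒防火墙-盾牌图标程序");
            av_list.Add("npfmntor.exe", "norton杀毒软件相关进程");
            av_list.Add("ccregvfy.exe", "norton杀毒软件自身完整性检查程序");
            av_list.Add("sndsrvc.exe", "symantec shared诺顿邮件防火墙软件");
            av_list.Add("spbbcsvc.exe", "symantec shared诺顿邮件防火墙软件");
            av_list.Add("symlcsvc.exe", "symantec shared诺顿邮件防火墙软件");
            av_list.Add("coranticontrolcenter32.exe", "coranti2012杀毒");
            av_list.Add("cksoftshiedantivirus4.exe", "shield antivirus杀毒");
            av_list.Add("spywareterminatorshield.exe", "spywareterminator杀毒");
            av_list.Add("usbkiller.exe", "u盘杀毒专家");
            av_list.Add("ast.exe", "超级巡警");
            av_list.Add("fortitray.exe", "飞塔");
            av_list.Add("gg.exe", "巨盾网游安全盾");
            av_list.Add("adam.exe", "绿鹰安全精灵");
            av_list.Add("kpfwtray.exe", "金山网镖");
            av_list.Add("beikesan.exe", "贝壳云安全");
            av_list.Add("parmor.exe", "木马克星");
            av_list.Add("iparmor.exe", "木马克星");
            av_list.Add("kswebshield.exe", "金山网盾");
            av_list.Add("trojanhunter.exe", "木马猎手");
            av_list.Add("webscanx.exe", "网络病毒克星");
            av_list.Add("ananwidget.exe", "墨者安全专家");
            av_list.Add("pfw.exe", "天网防火墙");
            av_list.Add("cfp.exe", "comodo科摩多");
            av_list.Add("mpmon.exe", "微点主动防御");
            av_list.Add("rfwmain.exe", "瑞星防火墙");
            av_list.Add("sphinx.exe", "sphinx防火墙");
            av_list.Add("vsmon.exe", "zonealarm防火墙");
            av_list.Add("fyfirewall.exe", "风云防火墙");
            av_list.Add("acs.exe", "outpost防火墙");
            av_list.Add("outpost.exe", "outpost防火墙");
            return av_list;
        }
    }

    /// <summary>
    /// Runs one command line through a hidden cmd.exe and returns what it wrote to stdout.
    /// </summary>
    /// <remarks>
    /// No longer used by <see cref="Program.AVDetection"/>, which now enumerates processes
    /// in-process; kept because the class is public. The command line is typed into
    /// cmd.exe's standard input and interpreted by the shell, so it must never be built
    /// from untrusted input - ampersands, pipes, carets and redirections inside it are
    /// executed, not quoted. Spawning cmd.exe also produces a child process that endpoint
    /// telemetry can attribute to the caller.
    /// </remarks>
    public class Cmd
    {
        // One Process object reused across calls; Close() releases the handle after each run.
        private Process proc = null;

        /// <summary>Creates the wrapper; nothing is started until <see cref="RunCmd"/>.</summary>
        public Cmd()
        {
            proc = new Process();
        }

        /// <summary>
        /// Starts cmd.exe, types <paramref name="cmd"/> followed by "exit" into it and
        /// returns everything the shell printed to standard output.
        /// </summary>
        /// <param name="cmd">A complete cmd.exe command line, executed as-is.</param>
        /// <returns>
        /// The shell's standard output, which includes cmd.exe's own banner and the echoed
        /// prompt/command because the command is fed through stdin rather than "/c".
        /// </returns>
        public string RunCmd(string cmd)
        {
            proc.StartInfo.CreateNoWindow = true;
            proc.StartInfo.FileName = "cmd.exe";
            proc.StartInfo.UseShellExecute = false;
            proc.StartInfo.RedirectStandardError = true;
            proc.StartInfo.RedirectStandardInput = true;
            proc.StartInfo.RedirectStandardOutput = true;
            proc.Start();
            try
            {
                // stderr is redirected but was never read: a child that fills the stderr
                // pipe would block forever while this thread sits in ReadToEnd() on stdout.
                // With no ErrorDataReceived handler attached the data is simply discarded.
                proc.BeginErrorReadLine();
                proc.StandardInput.WriteLine(cmd);
                proc.StandardInput.WriteLine("exit");
                string outStr = proc.StandardOutput.ReadToEnd();
                // ReadToEnd() returns at EOF, not at process exit; reap the child before
                // releasing its handle so it is not left as a zombie.
                proc.WaitForExit();
                return outStr;
            }
            finally
            {
                proc.Close();
            }
        }
    }
}
 -------------------------------------------------------------------------------- /SharpAV/Program.cs: -------------------------------------------------------------------------------- 1 | using Microsoft.Win32; 2 | using System; 3 | using System.Collections.Generic; 4 | using System.Diagnostics; 5 | using System.Text; 6 | using System.Text.RegularExpressions; 7 | 8 | namespace SharpAV 9 | { 10 | class Program 11 | { 12 | static void Main(string[] args) 13 | { 14 | Console.WriteLine(@" _____ _ __ __"); 15 | Console.WriteLine(@" / ____| | /\ \ / /"); 16 | Console.WriteLine(@" | (___ | |__ __ _ _ __ _ __ / \ \ / / "); 17 | Console.WriteLine(@" \___ \| '_ \ / _` | '__| '_ \ / /\ \ \/ / "); 18 | Console.WriteLine(@" ____) | | | | (_| | | | |_) / ____ \ / "); 19 | Console.WriteLine(@" |_____/|_| |_|\__,_|_| | .__/_/ \_\/ "); 20 | Console.WriteLine(@" | | "); 21 | Console.WriteLine(@" v1.0.0 |_| "+"\r\n"); 22 | AVDetection(); 23 | } 24 | public static void AVDetection() 25 | { 26 | Dictionary av_list = new Dictionary(); 27 | av_list.Add("d_safe_manage.exe", "d盾"); 28 | av_list.Add("d_manage.exe", "d盾"); 29 | av_list.Add("pc.exe", "云锁客户端"); 30 | av_list.Add("yunsuo_agent_service.exe", "云锁服务端"); 31 | av_list.Add("yunsuo_agent_daemon.exe", "云锁服务端"); 32 |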
av_list.Add("gov_defence_daemon.exe", "govdefence(网防g01)"); 33 | av_list.Add("gov_defence_service.exe", "govdefence(网防g01)"); 34 | av_list.Add("aliyundun.exe", "阿里云盾"); 35 | av_list.Add("aliyundunupdate.exe", "阿里云盾"); 36 | av_list.Add("aliyun_assist_service.exe", "阿里云盾"); 37 | av_list.Add("360websafe.exe", "360主机卫士"); 38 | av_list.Add("qhsrv.exe", "360主机卫士"); 39 | av_list.Add("qhwebshellguard.exe", "360主机卫士"); 40 | av_list.Add("cloudhelper.exe", "安全狗"); 41 | av_list.Add("safedogtray.exe", "安全狗"); 42 | av_list.Add("safedogguardcenter.exe", "安全狗"); 43 | av_list.Add("safedogupdatecenter.exe", "安全狗"); 44 | av_list.Add("safedogsiteapache.exe", "网站安全狗(apache)"); 45 | av_list.Add("safedogsiteiis.exe", "网站安全狗(iis)"); 46 | av_list.Add("safedogserverui.exe", "服务器安全狗"); 47 | av_list.Add("hws.exe", "护卫神·入侵防护系统"); 48 | av_list.Add("hwsd.exe", "护卫神·入侵防护系统"); 49 | av_list.Add("hws_ui.exe", "护卫神·入侵防护系统"); 50 | av_list.Add("hwspanel.exe", "护卫神·入侵防护系统"); 51 | av_list.Add("hipsdaemon.exe", "火绒安全软件"); 52 | av_list.Add("hipstray.exe", "火绒安全软件"); 53 | av_list.Add("hipslog.exe", "火绒安全软件"); 54 | av_list.Add("hipsmain.exe", "火绒安全软件"); 55 | av_list.Add("usysdiag.exe", "火绒安全软件"); 56 | av_list.Add("wsctrl.exe", "火绒安全软件"); 57 | av_list.Add("qqpcrtp.exe", "腾讯电脑管家"); 58 | av_list.Add("qqpctray.exe", "腾讯电脑管家"); 59 | av_list.Add("qqpcnetflow.exe", "腾讯电脑管家"); 60 | av_list.Add("qqpcrealtimespeedup.exe", "腾讯电脑管家"); 61 | av_list.Add("360sd.exe", "360杀毒"); 62 | av_list.Add("360rp.exe", "360杀毒"); 63 | av_list.Add("360safe.exe", "360安全卫士"); 64 | av_list.Add("360tray.exe", "360实时保护"); 65 | av_list.Add("liveupdate360.exe", "360更新程序"); 66 | av_list.Add("zhudongfangyu.exe", "360主动防御"); 67 | av_list.Add("safeboxtray", "360保险箱保护程序"); 68 | av_list.Add("360safebox.exe", "360保险箱主程序"); 69 | av_list.Add("360skylarsvc.exe", "360天擎终端安全管理系统"); 70 | av_list.Add("savmain.exe", "sophos杀毒"); 71 | av_list.Add("savprogress.exe", "sophos杀毒"); 72 | av_list.Add("mbam.exe", "malwarebytes杀毒"); 73 | av_list.Add("mbamtray.exe", 
"malwarebytes杀毒"); 74 | av_list.Add("mbamservice.exe", "malwarebytes杀毒"); 75 | av_list.Add("tmbmsrv.exe", "pc-cillin趋势反病毒"); 76 | av_list.Add("ntrtscan.exe", "pc-cillin趋势反病毒"); 77 | av_list.Add("vstskmgr.exe", "mcafee(麦咖啡)"); 78 | av_list.Add("mcshield.exe", "mcafee(麦咖啡)"); 79 | av_list.Add("mfevtps.exe", "mcafee(麦咖啡)"); 80 | av_list.Add("mfeann.exe", "mcafee(麦咖啡)"); 81 | av_list.Add("tbmon.exe", "mcafee(麦咖啡)"); 82 | av_list.Add("shstat.exe", "mcafee(麦咖啡)"); 83 | av_list.Add("mctray.exe", "mcafee(麦咖啡)"); 84 | av_list.Add("udaterui.exe", "mcafee(麦咖啡)"); 85 | av_list.Add("naprdmgr.exe", "mcafee(麦咖啡)"); 86 | av_list.Add("engineserver.exe", "mcafee(麦咖啡)"); 87 | av_list.Add("frameworkservice.exe", "mcafee(麦咖啡)"); 88 | av_list.Add("avk.exe", "gdata安全防护软件"); 89 | av_list.Add("gdscan.exe", "gdata安全防护软件"); 90 | av_list.Add("avkwctl.exe", "gdata安全防护软件"); 91 | av_list.Add("avkcl.exe", "gdata安全防护软件"); 92 | av_list.Add("avkproxy.exe", "gdata安全防护软件"); 93 | av_list.Add("avkbackupservice.exe", "gdata安全防护软件"); 94 | av_list.Add("ccevtmgr.exe", "symantec(赛门铁克)"); 95 | av_list.Add("ccsetmgr.exe", "symantec(赛门铁克)"); 96 | av_list.Add("ccsvchst.exe", "symantec(赛门铁克) 或 norton诺顿杀毒"); 97 | av_list.Add("rtvscan.exe", "symantec(赛门铁克) 或 norton诺顿杀毒"); 98 | av_list.Add("smc.exe", "symantec(赛门铁克)"); 99 | av_list.Add("smcgui.exe", "symantec(赛门铁克)"); 100 | av_list.Add("snac.exe", "symantec(赛门铁克)"); 101 | av_list.Add("msmpeng.exe", "windows defender"); 102 | av_list.Add("nissrv.exe", "windows defender"); 103 | av_list.Add("mssense.exe", "windows defender"); 104 | av_list.Add("msseces.exe", "windows defender"); 105 | av_list.Add("mpcmdrun.exe", "windows defender"); 106 | av_list.Add("avp.exe", "kaspersky(卡巴斯基)"); 107 | av_list.Add("kavfs.exe", "kaspersky(卡巴斯基)"); 108 | av_list.Add("klnagent.exe", "kaspersky(卡巴斯基)"); 109 | av_list.Add("kavtray.exe", "kaspersky(卡巴斯基)"); 110 | av_list.Add("kavfswp.exe", "kaspersky(卡巴斯基)"); 111 | av_list.Add("ekrn.exe", "eset nod32防毒"); 112 | av_list.Add("egui.exe", 
"eset nod32防毒"); 113 | av_list.Add("eshasrv.exe", "eset nod32防毒"); 114 | av_list.Add("eguiproxy.exe", "eset nod32防毒"); 115 | av_list.Add("avg.exe", "avg杀毒"); 116 | av_list.Add("avgwdsvc.exe", "avg杀毒"); 117 | av_list.Add("avastui.exe", "avast!5主程序"); 118 | av_list.Add("ashdisp.exe", "avast网络安全"); 119 | av_list.Add("clamtray.exe", "clemwin free antivirus"); 120 | av_list.Add("clamscan.exe", "clemwin free antivirus"); 121 | av_list.Add("avcenter.exe", "avira(小红伞)"); 122 | av_list.Add("avguard.exe", "avira(小红伞)"); 123 | av_list.Add("avgnt.exe", "avira(小红伞)"); 124 | av_list.Add("sched.exe", "avira(小红伞)"); 125 | av_list.Add("bddownloader.exe", "百度卫士"); 126 | av_list.Add("baidusafetray.exe", "百度卫士"); 127 | av_list.Add("baiduansvx.exe", "百度卫士-主进程"); 128 | av_list.Add("baidusd.exe", "百度杀毒-主程序"); 129 | av_list.Add("baidusdsvc.exe", "百度杀毒-服务进程"); 130 | av_list.Add("baidusdtray.exe", "百度杀毒-托盘进程"); 131 | av_list.Add("f-prot.exe", "f-prot杀毒"); 132 | av_list.Add("vba32lder.exe", "vb32杀毒"); 133 | av_list.Add("k7tsecurity.exe", "k7杀毒"); 134 | av_list.Add("iptray.exe", "immunet杀毒"); 135 | av_list.Add("cmctrayicon.exe", "cmc杀毒"); 136 | av_list.Add("bkavservice.exe", "bkav杀毒"); 137 | av_list.Add("nspupsvc.exe", "nprotect杀毒"); 138 | av_list.Add("a2guard.exe", "a-squared杀毒"); 139 | av_list.Add("ad-watch.exe", "lavasoft杀毒"); 140 | av_list.Add("unthreat.exe", "unthreat杀毒"); 141 | av_list.Add("psafesystray.exe", "psafe反病毒"); 142 | av_list.Add("patray.exe", "ahnlab安博士杀毒"); 143 | av_list.Add("v3svc.exe", "ahnlab安博士v3杀毒"); 144 | av_list.Add("cleaner8.exe", "the cleaner杀毒"); 145 | av_list.Add("mongoosagui.exe", "mongoosa杀毒"); 146 | av_list.Add("secenter.exe", "bitdefender杀毒"); 147 | av_list.Add("ayagent.exe", "alyac韩国胶囊杀毒"); 148 | av_list.Add("ksafe.exe", "金山卫士"); 149 | av_list.Add("kvmonxp.exe", "江民杀毒"); 150 | av_list.Add("ravmon.exe", "瑞星杀毒"); 151 | av_list.Add("ravmond.exe", "瑞星杀毒"); 152 | av_list.Add("kxescore.exe", "金山毒霸"); 153 | av_list.Add("kupdata.exe", "金山毒霸"); 154 | 
av_list.Add("kxetray.exe", "金山毒霸"); 155 | av_list.Add("kwsprotect64.exe", "金山毒霸"); 156 | av_list.Add("ksafetray.exe", "金山卫士"); 157 | av_list.Add("knsdtray.exe", "可牛杀毒"); 158 | av_list.Add("sbamsvc.exe", "vipre杀毒"); 159 | av_list.Add("remupd.exe", "熊猫卫士杀毒"); 160 | av_list.Add("spidernt.exe", "dr.web杀毒"); 161 | av_list.Add("quhlpsvc.exe", "quickheal杀毒"); 162 | av_list.Add("fsavgui.exe", "f-secure冰岛杀毒"); 163 | av_list.Add("f-secure.exe", "f-secure冰岛杀毒"); 164 | av_list.Add("arcatasksservice.exe", "arcavir杀毒"); 165 | av_list.Add("vsserv.exe", "bitdefender比特梵德杀毒"); 166 | av_list.Add("avwatchservice.exe", "virusfighter杀毒"); 167 | av_list.Add("ns.exe", "norton诺顿杀毒"); 168 | av_list.Add("ccapp.exe", "norton诺顿杀毒"); 169 | av_list.Add("vptray.exe", "norton病毒防火墙-盾牌图标程序"); 170 | av_list.Add("npfmntor.exe", "norton杀毒软件相关进程"); 171 | av_list.Add("ccregvfy.exe", "norton杀毒软件自身完整性检查程序"); 172 | av_list.Add("sndsrvc.exe", "symantec shared诺顿邮件防火墙软件"); 173 | av_list.Add("spbbcsvc.exe", "symantec shared诺顿邮件防火墙软件"); 174 | av_list.Add("symlcsvc.exe", "symantec shared诺顿邮件防火墙软件"); 175 | av_list.Add("coranticontrolcenter32.exe", "coranti2012杀毒"); 176 | av_list.Add("cksoftshiedantivirus4.exe", "shield antivirus杀毒"); 177 | av_list.Add("spywareterminatorshield.exe", "spywareterminator杀毒"); 178 | av_list.Add("usbkiller.exe", "u盘杀毒专家"); 179 | av_list.Add("ast.exe", "超级巡警"); 180 | av_list.Add("fortitray.exe", "飞塔"); 181 | av_list.Add("parmor.exe", "木马克星"); 182 | av_list.Add("gg.exe", "巨盾网游安全盾"); 183 | av_list.Add("adam.exe", "绿鹰安全精灵"); 184 | av_list.Add("kpfwtray.exe", "金山网镖"); 185 | av_list.Add("beikesan.exe", "贝壳云安全"); 186 | av_list.Add("iparmor.exe.exe", "木马克星"); 187 | av_list.Add("kswebshield.exe", "金山网盾"); 188 | av_list.Add("trojanhunter.exe", "木马猎手"); 189 | av_list.Add("webscanx.exe", "网络病毒克星"); 190 | av_list.Add("ananwidget.exe", "墨者安全专家"); 191 | av_list.Add("pfw.exe", "天网防火墙"); 192 | av_list.Add("cfp.exe", "comodo科摩多"); 193 | av_list.Add("mpmon.exe", "微点主动防御"); 194 | av_list.Add("rfwmain.exe", 
"瑞星防火墙"); 195 | av_list.Add("sphinx.exe", "sphinx防火墙"); 196 | av_list.Add("vsmon.exe", "zonealarm防火墙"); 197 | av_list.Add("fyfirewall.exe", "风云防火墙"); 198 | av_list.Add("acs.exe", "outpost防火墙"); 199 | av_list.Add("outpost.exe", "outpost防火墙"); 200 | 201 | Cmd c = new Cmd(); 202 | string resultStr = c.RunCmd("tasklist /svc"); 203 | resultStr = resultStr.ToLower(); 204 | 205 | foreach (KeyValuePair kvp in av_list) 206 | { 207 | if (resultStr.IndexOf(kvp.Key) > -1) 208 | { 209 | Console.WriteLine(kvp.Key + ":" + kvp.Value); 210 | } 211 | } 212 | } 213 | } 214 | 215 | /// 216 | /// Cmd 的摘要说明。 217 | /// 218 | public class Cmd 219 | { 220 | private Process proc = null; 221 | /// 222 | /// 构造方法 223 | /// 224 | public Cmd() 225 | { 226 | proc = new Process(); 227 | } 228 | /// 229 | /// 执行CMD语句 230 | /// 231 | /// 要执行的CMD命令 232 | public string RunCmd(string cmd) 233 | { 234 | proc.StartInfo.CreateNoWindow = true; 235 | proc.StartInfo.FileName = "cmd.exe"; 236 | proc.StartInfo.UseShellExecute = false; 237 | proc.StartInfo.RedirectStandardError = true; 238 | proc.StartInfo.RedirectStandardInput = true; 239 | proc.StartInfo.RedirectStandardOutput = true; 240 | proc.Start(); 241 | proc.StandardInput.WriteLine(cmd); 242 | proc.StandardInput.WriteLine("exit"); 243 | string outStr = proc.StandardOutput.ReadToEnd(); 244 | proc.Close(); 245 | return outStr; 246 | } 247 | } 248 | } -------------------------------------------------------------------------------- /SharpAV/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // 有关程序集的常规信息通过以下 6 | // 特性集控制。更改这些特性值可修改 7 | // 与程序集关联的信息。 8 | [assembly: AssemblyTitle("SharpAVKB")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("SharpAVKB")] 13 | [assembly: 
AssemblyCopyright("Copyright © 2019")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // 将 ComVisible 设置为 false 使此程序集中的类型 18 | // 对 COM 组件不可见。如果需要从 COM 访问此程序集中的类型, 19 | // 则将该类型上的 ComVisible 特性设置为 true。 20 | [assembly: ComVisible(false)] 21 | 22 | // 如果此项目向 COM 公开,则下列 GUID 用于类型库的 ID 23 | [assembly: Guid("121a56be-6897-4f54-8b01-3df54fb62414")] 24 | 25 | // 程序集的版本信息由下面四个值组成: 26 | // 27 | // 主版本 28 | // 次版本 29 | // 生成号 30 | // 修订号 31 | // 32 | // 可以指定所有这些值,也可以使用“生成号”和“修订号”的默认值, 33 | // 方法是按如下所示使用“*”: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /SharpAV/SharpAV.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {99DDC600-3E6F-435E-89DF-74439FA68061} 8 | Exe 9 | Properties 10 | SharpAV 11 | SharpAV 12 | v3.5 13 | 512 14 | 15 | 16 | 17 | AnyCPU 18 | true 19 | full 20 | false 21 | bin\Debug\ 22 | DEBUG;TRACE 23 | prompt 24 | 4 25 | 26 | 27 | AnyCPU 28 | pdbonly 29 | true 30 | bin\Release\ 31 | TRACE 32 | prompt 33 | 4 34 | 35 | 36 | SharpAV.Program 37 | 38 | 39 | 40 | C:\Users\HP\Desktop\ConsoleApplication3\ConsoleApplication3\Newtonsoft.Json.dll 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 64 | -------------------------------------------------------------------------------- /SharpAV/SharpAV.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/3had0w/Antivirus-detection/9adf32b7b04a4e988b8cdfe3f0efb75f0dee2a96/SharpAV/SharpAV.exe -------------------------------------------------------------------------------- /SharpAV/SharpAV.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 
12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28307.902 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SharpAV", "SharpAV.csproj", "{99DDC600-3E6F-435E-89DF-74439FA68061}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {99DDC600-3E6F-435E-89DF-74439FA68061}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {99DDC600-3E6F-435E-89DF-74439FA68061}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {99DDC600-3E6F-435E-89DF-74439FA68061}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {99DDC600-3E6F-435E-89DF-74439FA68061}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {2460FEA7-3695-4B6A-B7DC-0F6047ABA5F7} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /SharpAV/app.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /SharpAV/bin/Debug/SharpAV.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/3had0w/Antivirus-detection/9adf32b7b04a4e988b8cdfe3f0efb75f0dee2a96/SharpAV/bin/Debug/SharpAV.exe -------------------------------------------------------------------------------- /SharpAV/bin/Debug/SharpAV.exe.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /SharpAV/bin/Debug/SharpAV.pdb: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/3had0w/Antivirus-detection/9adf32b7b04a4e988b8cdfe3f0efb75f0dee2a96/SharpAV/bin/Debug/SharpAV.pdb -------------------------------------------------------------------------------- /SharpAV/bin/Release/SharpAV.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/3had0w/Antivirus-detection/9adf32b7b04a4e988b8cdfe3f0efb75f0dee2a96/SharpAV/bin/Release/SharpAV.exe -------------------------------------------------------------------------------- /SharpAV/bin/Release/SharpAV.exe.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /SharpAV/bin/Release/SharpAV.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/3had0w/Antivirus-detection/9adf32b7b04a4e988b8cdfe3f0efb75f0dee2a96/SharpAV/bin/Release/SharpAV.pdb -------------------------------------------------------------------------------- /favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/3had0w/Antivirus-detection/9adf32b7b04a4e988b8cdfe3f0efb75f0dee2a96/favicon.ico -------------------------------------------------------------------------------- /index.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Windows杀软在线对比辅助 5 | 6 | 7 | 8 | 9 | 10 |

12 | Windows杀软在线对比辅助 13 |

20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | $process_to_soft) 41 | { 42 | foreach($get_array_process as $check_process){ 43 | if (preg_match("/^($local_process)/i",$check_process)){ 44 | echo "".""; 45 | $flag=1; 46 | break; 47 | } 48 | } 49 | } 50 | if(!$flag){echo ""."";} 51 | } 52 | ?> 53 | 54 |
系统进程杀软名称
".$local_process."".$process_to_soft."
暂无匹配欢迎补充
"> 57 |

64 | 65 | 72 | 73 | 74 | 75 | --------------------------------------------------------------------------------