From 186817174741f40318dc5bf32efde5315c17a596 Mon Sep 17 00:00:00 2001 From: api0cradle Date: Mon, 23 Apr 2018 18:20:09 +0200 Subject: [PATCH] Added some more --- Backlog.txt | 2 ++ LOLBins.md | 1 + OSBinaries/Qprocess.md | 31 +++++++++++++++++++++++++++++++ OSBinaries/Wmic.md | 2 +- 4 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 OSBinaries/Qprocess.md diff --git a/Backlog.txt b/Backlog.txt index 9d8c7e3..cbcf0fd 100644 --- a/Backlog.txt +++ b/Backlog.txt @@ -15,3 +15,5 @@ odbcad32.exe GUI DLL Loading WseClientSvc.exe - https://blog.huntresslabs.com/abusing-trusted-applications-a719219220f dvdplay.exe http://www.hexacorn.com/blog/2018/03/15/beyond-good-ol-run-key-part-73/ http://www.hexacorn.com/blog/category/living-off-the-land/pass-thru-command-execution/ + + diff --git a/LOLBins.md b/LOLBins.md index 9daa59c..559e848 100644 --- a/LOLBins.md +++ b/LOLBins.md @@ -38,6 +38,7 @@ If you are missing from the acknowledgement, please let me know (I did not forge [Powershell.exe](OSBinaries/Powershell.md) [Presentationhost.exe](OSBinaries/Presentationhost.md) [Print.exe](OSBinaries/Print.md) +[Qprocess.exe](OSBinaries/Qprocess.md) [Reg.exe](OSBinaries/Reg.md) [Regedit.exe](OSBinaries/Regedit.md) [Regasm.exe](OSBinaries/Regasm.md) diff --git a/OSBinaries/Qprocess.md b/OSBinaries/Qprocess.md new file mode 100644 index 0000000..5cf20b4 --- /dev/null +++ b/OSBinaries/Qprocess.md @@ -0,0 +1,31 @@ +## Qprocess.exe + +* Functions: Credentials + +``` +qprocess /SERVER:RemoteServer +``` + +Acknowledgements: +* Rahmat Nurfauzi - @infosecn1nja + +Code sample: +* + +Resources: +* https://twitter.com/infosecn1nja/status/987268926139592706 + +Full path: +``` +c:\windows\system32\Qprocess.exe +``` + +Notes: +Some specific details about the binary file. + + +Detection: +Details about detection. +IOC, Behaviour , User Agents etc + + diff --git a/OSBinaries/Wmic.md b/OSBinaries/Wmic.md index 277393c..a5e5433 100644 --- a/OSBinaries/Wmic.md +++ b/OSBinaries/Wmic.md 
@@ -36,7 +36,7 @@ Acknowledgements: * Casey Smith - @subtee Code sample: -* [Wmic_calc.xsl](Payloads/Wmic_calc.xsl) +* [Wmic_calc.xsl](https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payload/Wmic_calc.xsl) Resources: * https://stackoverflow.com/questions/24658745/wmic-how-to-use-process-call-create-with-a-specific-working-directory
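Review bot: the Backlog.txt hunk only appends two empty lines after the existing URL list and adds no entry, so it is whitespace noise unrelated to the "Added some more" subject; drop it from the commit (or, if a new backlog item was meant to go there, add the item) so the history stays readable.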
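Review bot: the new OSBinaries/Qprocess.md still carries the template placeholders in its Notes and Detection sections ("Some specific details about the binary file.", "Details about detection. IOC, Behaviour , User Agents etc") and an empty "Code sample:" bullet, so the entry documents nothing beyond the one command line and a tweet link. At minimum the Notes section should state what the listed function ("Credentials") refers to for a process-query command such as `qprocess /SERVER:RemoteServer`, and the Detection section should name the observable that matters here, i.e. qprocess.exe process creation with a `/SERVER:` argument pointing at another host; either fill those in or remove the empty placeholders so readers do not mistake them for content.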
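Review bot: the Wmic.md hunk swaps a relative link for an absolute raw.githubusercontent.com URL pinned to `api0cradle/LOLBAS/master`, and at the same time changes the directory from `Payloads/` (old line) to `OSBinaries/Payload/` (new line). The absolute URL breaks the link for forks, branches and local checkouts, and the singular/plural change suggests one of the two paths is wrong; confirm which directory actually exists and prefer a relative link to it (e.g. `* [Wmic_calc.xsl](Payload/Wmic_calc.xsl)` if the folder really is `OSBinaries/Payload`), keeping the absolute form only if the rest of the repository already uses it.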