md5,sha1,sha256,imphash TEMP\nessus_;nessus_task_list TEMP\nessus_;nessus_task_list rcpping;tcpping;tcping;routerscan;grabff;Port-Scan;netscan;\nmap;ipscan;nacmdline.exe advanced_port_scanner.exe;rcpping.exe;nc.exe;nc64.exe;netcat.exe;ncat.exe;nmap.exe;zenmap.exe;advanced_ip_scanner.exe Network Scanner;Advanced IP Scanner adfind adfind -gcb -sc;/gcb /sc;-f (objectcategory=;/f (objectcategory=;trustdmp PurpleSharp;xyz123456 PurpleSharp /serverlevelplugindll add;sslcert;http http del sslcert C:\Users\ Content.Outlook .SettingContent-ms immersivecontrolpanel Hwp.exe gbb.exe iexplore.exe;chrome.exe;firefox.exe;browser_broker.exe;vivaldi.exe;microsoftedge.exe;microsoftedgecp.exe;brave.exe;vivaldi.exe tracert.exe;csc.exe;cscript.exe;wscript.exe;cmd.exe;powershell.exe;bash.exe;scrcons.exe;schtasks.exe;hh.exe;regsvr32.exe;regsvcs.exe;sh.exe;wmic.exe;mshta.exe;rundll32.exe;msiexec.exe;forfiles.exe;scriptrunner.exe;mftrace.exe;AppVLP.exe;svchost.exe;MicroScMgmt.exe;FLTLDR.exe;wmic.exe;Microsoft.Workflow.Compiler.exe;atbroker.exe;bginfo.exe;certutil.exe;csi.exe;dnx.exe;cdb.exe;bitsadmin.exe;forfiles.exe;fsi.exe;ftp.exe;hostname.exe;gpresult.exe;ipconfig.exe;nbtstat.exe;ping.exe;pwsh.exe;qprocess.exe;quser.exe;qwinsta.exe;reg.exe;svchost.exe;installutil.exe;pwsh.exe;msxsl.exe;ieexec.exe;msdt.exe;verclsid.exe apt-config SentinelBrowserNativeHost.exe cmd.exe /c C:\Windows\Setup\Scripts\SetupComplete.cmd;cmd.exe /c C:\Windows\Setup\Scripts\PartnerSetupComplete.cmd C:\Windows\Setup C:\Windows\SysWOW64 C:\Windows\System32 C:\Windows\WinSxS consent.exe http iexplore.exe SYSTEM w3wp.exe \csc.exe;\TranscodingService.exe;\werfault.exe;\appcmd.exe w3wp.exe appcmd.exe appcmd.exe add module;system.enterpriseservices.internal.publish;\gacutil.exe /I;gacutil.exe -I apache;php-cgi.exe;nginx.exe;httpd.exe;tomcat;php.exe arp.exe;at.exe;cscript.exe;wscript.exe;cmd.exe;powershell.exe;bash.exe;scrcons.exe;schtasks.exe;hh.exe;regsvr32.exe;sh.exe;ping.exe;whoami.exe;net.exe;net1.exe;systeminfo.exe;bitsadmin.exe;dsget.exe;dsquery.exe;find.exe;findstr.exe;fsutil.exe;hostname.exe;ipconfig.exe;nbtstat.exe;net.exe;net1.exe;netdom.exe;netsh.exe;netstat.exe;nltest.exe;nslookup.exe;ntdutil.exe;pathping.exe;qprocess.exe;query.exe;qwinsta.exe;reg.exe;rundll32.exe;sc.exe;schtasks.exe;systeminfo.exe;tasklist.exe;tracert.exe;ver.exe;vssadmin.exe;wevtutil.exe;whoami.exe;wmic.exe;wusa.exe;certutil.exe cmd.exe ping 127.0.0.1 c:\windows\system32\inetsrv\ svchost.exe;termsvcs rdpclip.exe;csrss.exe;wininit.exe dns.exe werfault.exe;conhost.exe;dnscmd.exe;dns.exe UMWorkerProcess.exe;UMService.exe perfenabled UMWorkerProcess.exe;UMService.exe perfenabled wemgr.exe;werfault.exe \wwwroot\ \Atlassian\Confluence\jre\bin\java.exe cmd;powershell;certutil;curl;whoami;ipconfig;mshta;wscript;cscript;rundll32;bitsadmin DesktopCentral_Server\jre\bin\java.exe cmd;powershell;certutil;curl;whoami;ipconfig;mshta;wscript;cscript;rundll32;bitsadmin \jre\bin\java.exe cmd;powershell;pwsh;certutil;curl;whoami;ipconfig;mshta;wscript;cscript;rundll32;bitsadmin;pwsh.exe;bitsadmin;hh.exe;wmic.exe;rundll32.exe;forfiles.exe;scriptrunner.exe;mftrace.exe;AppVLP.exe;curl.exe \Atlassian\Confluence\jre\bin\java.exe sqlservr arp.exe;at.exe;cscript.exe;wscript.exe;cmd.exe;powershell;bash.exe;scrcons.exe;schtasks.exe;hh.exe;regsvr32.exe;sh.exe;ping.exe;whoami.exe;net.exe;net1.exe;systeminfo.exe;bitsadmin.exe;dsget.exe;dsquery.exe;find.exe;findstr.exe;fsutil.exe;hostname.exe;ipconfig.exe;nbtstat.exe;net.exe;net1.exe;netdom.exe;netsh.exe;netstat.exe;nltest.exe;nslookup.exe;ntdutil.exe;pathping.exe;qprocess.exe;query.exe;qwinsta.exe;reg.exe;rundll32.exe;sc.exe;schtasks.exe;systeminfo.exe;tasklist.exe;tracert.exe;ver.exe;vssadmin.exe;wevtutil.exe;whoami.exe;wmic.exe;wusa.exe;sh.exe;bash.exe keytool.exe cmd;powershell;pwsh;certutil;curl;whoami;ipconfig;mshta;wscript;cscript;rundll32;bitsadmin;pwsh.exe;bitsadmin;hh.exe;wmic.exe;rundll32.exe;forfiles.exe;scriptrunner.exe;mftrace.exe;AppVLP.exe;curl.exe bash.exe;cmd.exe;powershell.exe;pwsh.exe id -Gn `;id /Gn `;id -Gn ';id /Gn ' e=Access&;y=Guest&;&p=;&c=;&k= wmic.exe process;call;create wmic.exe call set priority;call terminate;product get name;bios, get serialNumber;BIOS GET SERIALNUMBER;onboarddevice get;useraccount where name;useraccount get;path win32_networkadapter where index=;process list;useraccount get /ALL;useraccount list;qfe get description,installedOn /format:csv;process get caption,executablepath,commandline;service get name,displayname,pathname,startmode;share list;win32_share C:\Users\;$Recycle;\Temp\;\Downloads\ \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 conhost.exe C:\Program Files (x86)\N-able Technologies\Windows Agent\Temp\Msp.Ecosystem.Discovery.exe;TCIntegratorCommHelper.exe;\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe svchost.exe;lsass.exe;services.exe;smss.exe;winlogon.exe;explorer.exe;dllhost.exe;rundll32.exe;regsvr32.exe;userinit.exe;winit.exe;spoolsv.exe;wermgr.exe;csrss.exe;ctfmon.exe;werfault.exe conhost.exe conhost.exe :\Windows\splwow64.exe;:\Windows\System32\WerFault.exe;:\Windows\System32\conhost.exe \cmd.exe;WindowsTerminal;powershell explorer.exe cmd.exe powershell.exe;powershell_ise.exe Get-ItemProperty HKLM:\software\wow6432node\microsoft\windows\currentversion\uninstall\ mysql server select-object displayversion,displayname cscript.exe;wscript.exe powershell.exe;powershell_ise.exe cscript.exe;wscript.exe powershell.exe;powershell_ise.exe powershell.exe;powershell_ise.exe mshta.exe wscript.exe;cscript.exe IEX;Net.WebClient;ospp.vbs;powershell;slmgr.vbs;spiceworks_upload wscript.exe .jse;.js;.vba;.vbe \wscript.exe;\cscript.exe \rundll32.exe;regsvr32.exe \rundll32.exe;regsvr32.exe .dll;.cpl;.ocx;localserver;enable-speech-input;auto-scan-plugin;enable-media-stream;CastMediaRouteProvider;-eoim;/eoim setupapi;InstallHinfSection;DefaultInstall;SplunkUniversalForwarder\bin\spl;rundll32.exe "C:\Windows\Installer\MSI \MSI;.tmp",zzzInvokeManagerCustomActionOutOfProc cscript.exe .jse;.js;.vba;.vbe mshta vbscript:CreateObject("Wscript.Shell");mshta vbscript:Execute("Execute;mshta vbscript:CreateObject("Wscript.Shell").Run("mshta.exe;javascript:a= .jpg;.png;.lnk;.xls;.doc;.zip;.sct;.hta C:\Windows\Temp\hpqhvind.exe;C:\ProgramData\DRM\;Test.exe C:\ProgramData\DRM;wmplayer.exe;C:\ProgramData\DRM\CLR\CLR.EXE regedit.exe explorer.exe \svchost.exe;\taskhostw.exe;\userinit.exe;\smss.exe;\csrss.exe;\wininit.exe;\winlogon.exe;\lsass.exe;\logonui.exe;\services.exe C:\windows\System32\;C:\windows\syswow64\ \wininit.exe;\winlogon.exe;\services.exe;\dwm.exe;System;\smss.exe;\svchost.exe \spoolsv.exe;\PrintIsolationHost.exe C:\Windows\System32\spoolsv.exe;\GPLGS\gswin32c.exe;C:\Windows\System32\spool\drivers\;\bin\gswin64c.exe;C:\PROGRA~2\CUTEPD~1\;C:\Windows\EEFPrinter.exe C:\Windows\system32\spool\DRIVERS Brother Industries;Thomson Reuters COMSPEC ScriptFile \Temp\7z \Temp\Temp1_ \Temp\Rar$ powershell.exe;powershell_ise.exe C:\users\ Microsoft VS Code\Code.exe \Deployment tool extract\setupodt.exe Shellcode ipy.exe python.exe -agentpath: -agentlib: winword.exe;excel.exe;powerpnt.exe;outlook.exe;msaccess.exe;mspub.exe;visio.exe;notepad.exe;wordpad.exe;eqnedt32.exe;wordview.exe tracert.exe;csc.exe;cscript.exe;wscript.exe;cmd.exe;powershell.exe;bash.exe;scrcons.exe;schtasks.exe;hh.exe;regsvr32.exe;regsvcs.exe;sh.exe;wmic.exe;mshta.exe;rundll32.exe;msiexec.exe;forfiles.exe;scriptrunner.exe;mftrace.exe;AppVLP.exe;svchost.exe;MicroScMgmt.exe;FLTLDR.exe;wmic.exe;Microsoft.Workflow.Compiler.exe;atbroker.exe;bginfo.exe;certutil.exe;csi.exe;dnx.exe;cdb.exe;bitsadmin.exe;forfiles.exe;fsi.exe;ftp.exe;hostname.exe;gpresult.exe;ipconfig.exe;nbtstat.exe;ping.exe;pwsh.exe;qprocess.exe;quser.exe;qwinsta.exe;reg.exe;svchost.exe;installutil.exe;pwsh.exe;msxsl.exe;ieexec.exe;msdt.exe;verclsid.exe;msidb.exe .cmd;- C:\Windows\system32\spool\DRIVERS\ PhotoViewer.dll outlook.exe http:;https:;ftp:;mailto:;tel: .html outlook.exe http:;https:;ftp:;mailto:;tel: .html" outlook.exe http:;https:;ftp:;mailto:;tel: .html" outlook.exe .pdf" outlook.exe .pdf outlook.exe .iso" outlook.exe .iso outlook.exe \iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;\opera.exe;BrowserAssist.exe;\msedgewebview;\msedge.exe http:;https:;ftp:;mailto:;tel: outlook.exe http:;https:;ftp:;mailto:;tel: \Content.Outlook\;\Downloads\;\Documents\;:\Users\Public\;\Desktop\ outlook.exe \\ winword.exe;excel.exe;powerpnt.exe;outlook.exe;msaccess.exe;mspub.exe;visio.exe;notepad.exe;wordpad.exe;eqnedt32.exe;wordview.exe C:\Users\ .exe Zoom Video Firefox Microsoft Edge Microsoft Teams GrammarlyAddInSetupe Teams.exe Zoom.exe browser_broker.exe chrome.exe edge.exe firefox.exe iexplore.exe vivaldi.exe winword.exe;excel.exe;powerpnt.exe;outlook.exe;msaccess.exe;mspub.exe;visio.exe;notepad.exe;wordpad.exe;eqnedt32.exe;wordview.exe C:\ProgramData\ Firefox Microsoft Edge Microsoft Teams Zoom Video .zip\ acrobat.exe;acrord32.exe tracert.exe;csc.exe;cscript.exe;wscript.exe;cmd.exe;powershell.exe;bash.exe;scrcons.exe;schtasks.exe;hh.exe;regsvr32.exe;regsvcs.exe;sh.exe;wmic.exe;mshta.exe;rundll32.exe;msiexec.exe;forfiles.exe;scriptrunner.exe;mftrace.exe;AppVLP.exe;svchost.exe;MicroScMgmt.exe;FLTLDR.exe;wmic.exe;Microsoft.Workflow.Compiler.exe;atbroker.exe;bginfo.exe;certutil.exe;csi.exe;dnx.exe;cdb.exe;bitsadmin.exe;forfiles.exe;fsi.exe;ftp.exe;hostname.exe;gpresult.exe;ipconfig.exe;nbtstat.exe;ping.exe;pwsh.exe;qprocess.exe;quser.exe;qwinsta.exe;reg.exe;svchost.exe;installutil.exe;pwsh.exe;msxsl.exe;ieexec.exe;msdt.exe;verclsid.exe winword.exe;powerpnt.exe;excel.exe control.exe input.dll msdt.exe msdt.exe BrowseForFile=;PCWDiagnostic /af;-af msdt.exe pcwrun.exe PCWDiagnostic msdt.exe /cab;-cab .diagcab powershell.exe;pwsh.exe;cmd.exe;mshta.exe;cscript.exe;wscript.exe;wsl.exe;rundll32.exe;regsvr32.exe msdt.exe EQNEDT32.EXE winword.exe;excel.exe;powerpnt.exe FLTLDR.EXE /dde;-dde schtasks.exe /create;-create;/change;-change C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe Sentinel\AutoRepair Update_Sysmon_Rules C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe taskeng.exe 6.3.9600.20773 (winblue_ltsb_escrow.221219-1740) schtasks.exe /Run;-run Sentinel\AutoRepair C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ schtasks.exe schtasks /TN RtkAudUService64_BG -change;/change;-delete;/delete;-create;/create;Update_Sysmon_Rules;AMDRyzenMasterSDKTask at.exe at.exe C:\Windows\System32\svchost.exe netsvcs;-p;-s;Schedule netsvcs;-p;-s;Schedule net.exe;net1.exe;net2.exe stop tvsu_tmp net.exe;net1.exe;net2.exe start tvsu_tmp wmiprvse.exe;mmc.exe;explorer.exe;services.exe &1;cmd.exe;\\127.0.0.1\;/Q /c wmiprvse.exe;mmc.exe;explorer.exe;services.exe &1;cmd.exe;\\127.0.0.1\;-Q -c schtasks;Create;ONLOGON;TN;Updater;TR;powershell sc.exe create \NIC_Emulex_Firmware\;C:\Windows\Temp\ExchangeSetup\ sc.exe config;binpath Ecosystem.AgentSetup.tmp cmd.exe;powershell.exe services.exe new-service psexesvc.exe Execute processes remotely psexe PsExec Service PsExec Launched accepteula Execute processes remotely -s;/s psexec.exe pskill.exe pskill C:\WINDOWS\system32\svchost.exe -k NetworkService -p C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation C:\WINDOWS\System32\svchost.exe -k netprofm -p -s netprofm C:\WINDOWS\system32\svchost.exe;RPCSS C:\WINDOWS\system32\svchost.exe;RPCSS werfault.exe && type > cmd.exe" /c cd ntdsutil;/set {default} recoveryenabled no;telnet ;-dumpcr;putty;bash.exe;pssh;shareenum;sekurlsa;reg save;reg save;psscan;shellexec;vbscript:createobject;/output:clipboard;root\\default;root\\subscription;Wmiclass;WmiCl'+'as'+'s;export-mft;ApplicationImpersonation C:\Program Files (x86)\mRemoteNG\PuTTYNG.exe ERROR kuhl;windows/meterpreter;InjectDLL;ReflectiveLoader;Koadic.;@subtee;-donate-level=;stratum+tcp;Win32_TaskService;FilterToConsumerBinding;Invoke-Stager;Invoke-FruityC2;smbscanner;Invoke-ReverseDNSLookup;Invoke-ARPScan;Invoke-Paranoia;Find-TrustedDocuments;Find-Fruit;Get-RickAstley;PowerView;Invoke-Tater;Get-System;Get-SiteListPassword;PowerBreach;Invoke-BackdoorLNK;Install-SSP;Get-SecurityPackages;Invoke-SSHCommand;Invoke-PsExec;Invoke-InveighRelay;Set-Wallpaper;Invoke-VoiceTroll;Invoke-ThunderStruck;Exploit-Jboss;Invoke-PowerDump;Invoke-DCSync;Get-VaultCredential;Set-MacAttribute;New-HoneyHash;MailRaider;Invoke-RunAs;Invoke-PSInject;Invoke-EgressCheck;Invoke-NetRipper;Invoke-Inveigh;Get-Screenshot;Get-IndexedItem;Get-FoxDump'Get-Clipboard;Get-ChromeDump;Start-CaptureServer;Add-Persistence;Add-Exfiltration;Invoke-PowerShellWMI;Invoke-PowerShellTCP;Invoke-PoshRatHttp;Show-TargetScreen;Get-PassHashes;Get-LSASecret;Check-VM;Remove-Update;Enabled-DuplicateToken;Invoke-ADSBackdoor;Gupt-Backdoor;Add-ScrnSaveBackdoor;Add-RegBackdoor;Get-Unconstrained;Get-RegAlwaysInstallElevated;Get-ApplicationHost;Get-WebConfig;Get-UnattendedInstallFile;Get-VulnAutoRun;Get-RegAutoLogon;Install-ServiceBinary;Invoke-ServiceAbuse;Get-ServicePermission;Get-ServiceFilePermission;Get-ServiceUnquoted;Invoke-DowngradeAccount;Invoke-ACLScanner;Find-GPOLocation;Invoke-UserHunter;Invoke-ReflectivePEInjectionInvoke-ReflectivePEInjection;Invoke-ReflectivePEInjection;VolumeShadowCopyTools;Out-Minidump;Invoke-TokenManipulation;Invoke-DllInjection;Invoke-SessionGopher;Invoke-Shellcode;Invoke-WmiCommand;Get-GPPPassword;Get-Keystrokes;Get-TimedScreenshot;Get-VaultCredential;Invoke-CredentialInjection;Invoke-NinjaCopy ERROR kuhl;windows/meterpreter;InjectDLL;ReflectiveLoader;Koadic.;@subtee;-donate-level=;stratum+tcp;Win32_TaskService;FilterToConsumerBinding;Invoke-Stager;Invoke-FruityC2;smbscanner;Invoke-ReverseDNSLookup;Invoke-ARPScan;Invoke-Paranoia;Find-TrustedDocuments;Find-Fruit;Get-RickAstley;PowerView;Invoke-Tater;Get-System;Get-SiteListPassword;PowerBreach;Invoke-BackdoorLNK;Install-SSP;Get-SecurityPackages;Invoke-SSHCommand;Invoke-PsExec;Invoke-InveighRelay;Set-Wallpaper;Invoke-VoiceTroll;Invoke-ThunderStruck;Exploit-Jboss;Invoke-PowerDump;Invoke-DCSync;Get-VaultCredential;Set-MacAttribute;New-HoneyHash;MailRaider;Invoke-RunAs;Invoke-PSInject;Invoke-EgressCheck;Invoke-NetRipper;Invoke-Inveigh;Get-Screenshot;Get-IndexedItem;Get-FoxDump'Get-Clipboard;Get-ChromeDump;Start-CaptureServer;Add-Persistence;Add-Exfiltration;Invoke-PowerShellWMI;Invoke-PowerShellTCP;Invoke-PoshRatHttp;Show-TargetScreen;Get-PassHashes;Get-LSASecret;Check-VM;Remove-Update;Enabled-DuplicateToken;Invoke-ADSBackdoor;Gupt-Backdoor;Add-ScrnSaveBackdoor;Add-RegBackdoor;Get-Unconstrained;Get-RegAlwaysInstallElevated;Get-ApplicationHost;Get-WebConfig;Get-UnattendedInstallFile;Get-VulnAutoRun;Get-RegAutoLogon;Install-ServiceBinary;Invoke-ServiceAbuse;Get-ServicePermission;Get-ServiceFilePermission;Get-ServiceUnquoted;Invoke-DowngradeAccount;Invoke-ACLScanner;Find-GPOLocation;Invoke-UserHunter;Invoke-ReflectivePEInjectionInvoke-ReflectivePEInjection;Invoke-ReflectivePEInjection;VolumeShadowCopyTools;Out-Minidump;Invoke-TokenManipulation;Invoke-DllInjection;Invoke-SessionGopher;Invoke-Shellcode;Invoke-WmiCommand;Get-GPPPassword;Get-Keystrokes;Get-TimedScreenshot;Get-VaultCredential;Invoke-CredentialInjection;Invoke-NinjaCopy --disable-http2 --disable-quic /Client/Login?id= JABzA 2f40abbb4f78e77745f0e657a19903fc953cc664;478dc5a5f934c62a9246f7d1fc275868f568bc07;37b4496e650b3994312c838435013560b3ca8571;37b4496e650b3994312c838435013560b3ca8571;e8542c07b2af63ee7e72ce5d97d91036c5da56e2b091aa2afe737b224305d230;08c34c6ac9186b61d9f29a77ef5e618067e0bc9fe85cab1ad25dc6049c376949;5fc4b0076eac7aa7815302b0c3158076e3569086c4c6aa2f71cd258238440d14;bef59b9a3e00a14956e0cd4a1f3e7524448cbe5d3cc1295d95a15b83a3579c59;2c1d3d0a9c6f76726994b88589219cb8d9c39dd9924bc8d2d02bf41d955fe326;1a2ab4df156ccd685f795baee7df49f8e701f271d3e5676b507112e30ce03c42;758598370c3b84c6fbb452e3d7119f700f970ed566171e879d3cb41102154272;5c776a33568f4c16fee7140c249c0d2b1e0798a96c7a01bfd2d5684e58c9bb32;c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1;c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1;36dd195269979e01a29e37c488928497;7d9d29c1c03461608bcab930fef2f568;807d86da63f0db1fc746d1f0b05bc357;849a2b0dc80aeca3d175c139efe5221c;86A4CAC227078B9C95C560C8F0370BF0;98908ce6f80ecc48628c8d2bf5b2a50c;a4b42c2c95d1f2ff12171a01c86cd64f;4abe604916c04fe3dd8b9cb3d501d3f;eac3e3ece94bc84e922ec077efb15edd;128CECC59C91C0D0574BC1075FE7CB40;88777aacd5f16599547926a4c9202862;0f49621b06f2cdaac8850c6e9581a594;17a36ac3e31f3a18936552aff2c80249;322cb39bc049aa69136925137906d855;2010f38ef300be4349e7bc287e720b1ecec678cacbf0ea0556bcf765f6e073ec;cd4b9d0f2d1c0468750855f0ed352c1ed6d4f512d66e0e44ce308688235295b5;5b102bf4d997688268bab45336cead7cdf188eb0d6355764e53b4f62e1cdf30c;b017b9fc2484ce0a5629ff1fed15bca9f62f942eafbb74da6a40f40337187b04;6a251ed6a2c6a0a2be11f2a945ec68c814d27e2b6ef445f4b2c7a779620baa11;3d129263f6a48647f103a04446fb0c2f;37cd353621b0f4fc6981b50071c94f01;1b60021baedc3f9201bcdb40e9b87f62;71345b139166482acaa568ac8816c7bc;5E022694C0DBD1FBBC263D608E577949;304772c80b157a916c7041f2f15939fb;291ff87948e45914424cec9510c297da;b8fcd4a3902064907fb19e0da3ca7aed72a7e6d1f94d971d1ee7a4d3af6a800d;965884f19026913b2c57b8cd4a86455a61383de01dabb69c557f45bb848f6c26;4a069c1abe5aca148d5a8fdabc26751e;dc5733c013378fa418d13773f5bfe6f1;c579341f86f7e962719c7113943bb6e4;d326e629a90e78825645963b35e53a6a;5E022694C0DBD1FBBC263D608E577949;53841a0c6a3ff92976db08bfdf95e083;dc7e564809d6c2a2f3457c3c9b91f22b;5470f0644589685000154cb7d3f60280acb16e39ca961cce2c016078b303bc1b;FE2CA1BE3BDA2A757036A89E54CC02DB;FE2CA1BE3BDA2A757036A89E54CC02DB 22d142f11cf2a30ea4953e1fffb0fa7e;2317d65da4639f4246de200650a70753;27612cb03c89158225ca201721ea1aad;412956675fbc3f8c51f438c1abc100eb;daf2da52475fd8981b19ec3c321a983c;490a140093b5870a47edc29f33542fd2;51a7068640af42c3a7c1b94f1c11ab9d;533340c54bd25256873b3dca34d7f74e;684eca6b62d69ce899a3ec3bb04d0a5b;69a19abf5ba56ee07cdd3425b07cf8bf;6cfd131fef548fcd60fbcdb59317df8e;72dc98449b45a7f1ccdef27d51e31e91;7c733607a0932b1b9a9e27cd6ab55fe0;7d5265e814843b24fcb3787768129040;80c37e062aa4c94697f287352acf2e9d;815f1f8a7bc1e6f94cb5c416e381a110;a43d3b31575846fa4c3992b4143a06da;08e82dc7bae524884b7dc2134942aadb;7bcd736a2394fc49f3e27b3987cce640;57314359df11ffdf476f809671ec0275;b72737b464e50aa3664321e8e001ff32;ce8ce92fb6565181572dce00d69c24f8;5985087678414143d33ffc6e8863b887;84730a6e426fbd3cf6b821c59674c8a0;d5377dc1821c935302c065ad8432c0d2;d8f1356bebda9e77f480a6a60eab36bb;92f8e3f0f1f7cc49fad797a62a169acd;9003cfaac523e94d5479dc6a10575e60;df91b86189adb0a11c47ce2405878fa1;e17bd40f5b5005f4a0c61f9e79a9d8c2;c1e7850da5604e081b9647b58248d7e8;99828721ac1a0e32e4582c3f615d6e57;f559c87b4a14a4be1bd84df6553aaf56;b9c208ea8115232bfd9ec2c62f32d6b8;061089d8cb0ca58e660ce2e433a689b3;0e9afd3a870906ebf34a0b66d8b07435;9c115e9a81d25f9d88e7aaa4313d9a8f;520ee02668a1c7b7c262708e12b1ba6b;7bfba2c69bed6b160261bdbf2b826401;77a745b07d9c453650dd7f683b02b3ed;3a771efb7ba2cd0df247ab570e1408b2;0969b2b399a8d4cd2d751824d0d842b4;fc53f2cd780cd3a01a4299b8445f8511;4e39620afca6f60bb30e031ddc5a4330;bfe3f6a79cad5b9c642bb56f8037c43b;3dfebce4703f30eed713d795b90538b5;9793afcea43110610757bd3b800de517;36db24006e2b492cafb75f2663f241b2;21feb6aa15e02bb0cddbd544605aabad;21feb6aa15e02bb0cddbd544605aabad;649ef1dd4a5411d3afcf108d57ff87af;320b2f1d9551b5d1df4fb19bd9ab253a;3d75c72144d873b3c1c4977fbafe9184;b9cf4301b7b186a75e82a04e87b30fe4;b4e67706103c3b8ee148394ebee3f268;7bfbd72441e1f2ed48fbc0f33be00f24;cdb303f61a47720c7a8c5086e6b2a743;2a6f7ec77ab6bd4297e7b15ae06e2e61;8403a28e0bffa9cc085e7b662d0d5412;3ffd2915d285ad748202469d4a04e1f5;04078ef95a70a04e95bda06cc7bec3fa;235d427f94630575a4ea4bff180ecf5d;8035a8a143765551ca7db4bc5efb5dfd;cacaa3bf3b2801956318251db5e90f3c;1aadf739782afcae6d1c3e4d1f315cbd;c3e255888211d74cc6e3fb66b69bbffb;d9e9f22988d43d73d79db6ee178d70a4;16ab79fb2fd92db0b1f38bedb2f02ed8;8da15a97eaf69ff7ee184fc446f19cf1;ffc7305cb24c1955f9625e525d58aeee;c0e72eb4c9f897410c795c1b360090ef;9ad6fa6fdedb2df8055b3d30bd6f64f1;44619a88a6cff63523163c6a4cf375dd;a571660c9cf1696a2f4689b2007a12c7;81229c1e272218eeda14892fa8425883;0ac48cfa2ff8351365e99c1d26e082ad;afcdf79be1557326c854b6e20cb900a7 a53a02b997935fd8eedcb5f7abab9b9f e96a73c7bf33a464c510ede582318bf2 serialfunc.exe e PAA;en PAA;enc PAA;enco PAA;encode PAA;encoded PAA;encodedco PAA;encodedcom PAA;encodedcomm PAA;encodedcomma PAA;encodedcomman PAA;encodedcommand PAA;e IAA;en IAA;enc IAA;enco IAA;encode IAA;encoded IAA;encodedco IAA;encodedcom IAA;encodedcomm IAA;encodedcomma IAA;encodedcomman IAA;encodedcommand IAA;e JAB;en JAB;enc JAB;enco JAB;encode JAB;encoded JAB;encodedco JAB;encodedcom JAB;encodedcomm JAB;encodedcomma JAB;encodedcomman JAB;encodedcommand JAB;e cwBFAFQA;en cwBFAFQA;enc cwBFAFQA;enco cwBFAFQA;encode cwBFAFQA;encoded cwBFAFQA;encodedco cwBFAFQA;encodedcom cwBFAFQA;encodedcomm cwBFAFQA;encodedcomma cwBFAFQA;encodedcomman cwBFAFQA;encodedcommand cwBFAFQA;e SQBFAF;en SQBFAF;enc SQBFAF;enco SQBFAF;encode SQBFAF;encoded SQBFAF;encodedco SQBFAF;encodedcom SQBFAF;encodedcomm SQBFAF;encodedcomma SQBFAF;encodedcomman SQBFAF;encodedcommand SQBFAF;e UwBFAFQA;en UwBFAFQA;enc UwBFAFQA;enco UwBFAFQA;encode UwBFAFQA;encoded UwBFAFQA;encodedco UwBFAFQA;encodedcom UwBFAFQA;encodedcomm UwBFAFQA;encodedcomma UwBFAFQA;encodedcomman UwBFAFQA;encodedcommand UwBFAFQA;e IABpAE4AdgBPAEsAZQAt;en IABpAE4AdgBPAEsAZQAt;enc IABpAE4AdgBPAEsAZQAt;enco IABpAE4AdgBPAEsAZQAt;encode IABpAE4AdgBPAEsAZQAt;encoded IABpAE4AdgBPAEsAZQAt;encodedco IABpAE4AdgBPAEsAZQAt;encodedcom IABpAE4AdgBPAEsAZQAt;encodedcomm IABpAE4AdgBPAEsAZQAt;encodedcomma IABpAE4AdgBPAEsAZQAt;encodedcomman IABpAE4AdgBPAEsAZQAt;encodedcommand IABpAE4AdgBPAEsAZQAt;e SQBmACgAJAB;en SQBmACgAJAB;enc SQBmACgAJAB;enco SQBmACgAJAB;encode SQBmACgAJAB;encoded SQBmACgAJAB;encodedco SQBmACgAJAB;encodedcom SQBmACgAJAB;encodedcomm SQBmACgAJAB;encodedcomma SQBmACgAJAB;encodedcomman SQBmACgAJAB;encodedcommand SQBmACgAJAB;e J;en J;enc J;enco J;encode J;encoded J;encodedco J;encodedcom J;encodedcomm J;encodedcomma J;encodedcomman J;encodedcommand J;e SUVY;en SUVY;enc SUVY;enco SUVY;encode SUVY;encoded SUVY;encodedco SUVY;encodedcom SUVY;encodedcomm SUVY;encodedcomma SUVY;encodedcomman SUVY;encodedcommand SUVY;e aWV4;en aWV4;enc aWV4;enco aWV4;encode aWV4;encoded aWV4;encodedco aWV4;encodedcom aWV4;encodedcomm aWV4;encodedcomma aWV4;encodedcomman aWV4;encodedcommand aWV4;e dmFy;en dmFy;enc dmFy;enco dmFy;encode dmFy;encoded dmFy;encodedco dmFy;encodedcom dmFy;encodedcomm dmFy;encodedcomma dmFy;encodedcomman dmFy;encodedcommand dmFy;e dgBhA;en dgBhA;enc dgBhA;enco dgBhA;encode dgBhA;encoded dgBhA;encodedco dgBhA;encodedcom dgBhA;encodedcomm dgBhA;encodedcomma dgBhA;encodedcomman dgBhA;encodedcommand dgBhA;e R2V0;en R2V0;enc R2V0;enco R2V0;encode R2V0;encoded R2V0;encodedco R2V0;encodedcom R2V0;encodedcomm R2V0;encodedcomma R2V0;encodedcomman R2V0;encodedcommand R2V0;e IAAgAH;en IAAgAH;enc IAAgAH;enco IAAgAH;encode IAAgAH;encoded IAAgAH;encodedco IAAgAH;encodedcom IAAgAH;encodedcomm IAAgAH;encodedcomma IAAgAH;encodedcomman IAAgAH;encodedcommand IAAgAH;e TVq;en TVq;enc TVq;enco TVq;encode TVq;encoded TVq;encodedco TVq;encodedcom TVq;encodedcomm TVq;encodedcomma TVq;encodedcomman TVq;encodedcommand TVq;e aQBIA;en aQBIA;enc aQBIA;enco aQBIA;encode aQBIA;encoded aQBIA;encodedco aQBIA;encodedcom aQBIA;encodedcomm aQBIA;encodedcomma aQBIA;encodedcomman aQBIA;encodedcommand aQBIA;e UEs;en UEs;enc UEs;enco UEs;encode UEs;encoded UEs;encodedco UEs;encodedcom UEs;encodedcomm UEs;encodedcomma UEs;encodedcomman UEs;encodedcommand UEs;e H4s;en H4s;enc H4s;enco H4s;encode H4s;encoded H4s;encodedco H4s;encodedcom H4s;encodedcomm H4s;encodedcomma H4s;encodedcomman H4s;encodedcommand H4s;e dXNpbm;en dXNpbm;enc dXNpbm;enco dXNpbm;encode dXNpbm;encoded dXNpbm;encodedco dXNpbm;encodedcom dXNpbm;encodedcomm dXNpbm;encodedcomma dXNpbm;encodedcomman dXNpbm;encodedcommand dXNpbm;e cwBhA;en cwBhA;enc cwBhA;enco cwBhA;encode cwBhA;encoded cwBhA;encodedco cwBhA;encodedcom cwBhA;encodedcomm cwBhA;encodedcomma cwBhA;encodedcomman cwBhA;encodedcommand cwBhA;JABzA FromBase64String JAB;SUVY;aWV4;dmFy;dgBhA;R2V0;SQBFAF;TVq;aQBIA;UEs;H4s;dXNpbm;cwBhA /v Word experienced;/v Excel experienced;-v Word experienced;-v Excel experienced JABlAG4AdgA6AHUAcwBlAHIAcAByAG8AZgBpAGwAZQ;QAZQBuAHYAOgB1AHMAZQByAHAAcgBvAGYAaQBsAGUA;kAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlA;IgAoACcAKgAnACkAOwAkA;IAKAAnACoAJwApADsAJA;iACgAJwAqACcAKQA7ACQA e^;^en^;^nc ^ ..\;\.. C:\Program Files;\Razer\Synapse3\Service\Razer Synapse Service.exe C:\Program Files;\Razer\;\UserProcess\Razer Synapse Service Process.exe C:\ProgramData\MspPlatform\N-central Agent\PME\PMESetup.exe;C:\Program Files (x86)\MspPlatform\PME\Installers\FileCacheServiceAgentSetup.exe;C:\Program Files (x86)\MspPlatform\PME\Installers\RequestHandlerAgentSetup.exe;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe C:\ProgramData\MspPlatform\N-central Agent\PME\PMESetup.exe;C:\Program Files (x86)\MspPlatform\PME\Installers\FileCacheServiceAgentSetup.exe;C:\Program Files (x86)\MspPlatform\PME\Installers\RequestHandlerAgentSetup.exe;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe \cmd.exe /c del "C:\Users\*\AppData\Local\Temp\*.exe;\cmd.exe /c del "C:\Users\*\Desktop\*.exe;\cmd.exe -c del "C:\Users\*\AppData\Local\Temp\*.exe;\cmd.exe -c del "C:\Users\*\Desktop\*.exe ping.exe -n 6 127.0.0.1 &ping.exe /n 6 127.0.0.1 & type System.Net.Networkinformation.ping mofcomp.exe net.exe;net1.exe;net2.exe user;group;localgroup remove;delete;active;del tvsu_tmp net.exe;net1.exe;net2.exe user add tvsu_tmp dsmod.exe dsadd.exe WerFault.exe -s;/s cmd.exe echo;\pipe\;> cmd.exe /c;copy;dll;\\;admin$ rundll32.exe ,;StartW rundll32.exe ,;update;appdata;temp;/i: rundll32.exe ,;update;appdata;temp;-i: dllhost.exe {3E5FC7F9-9A51-4367-9063-A120244FBEC7};{3E000D72-A845-4CD9-BD83-80C07C3B881F};{D2E7041B-2927-42fb-8E9F-7CE93B6DC937};{02B49784-1CA2-436C-BC08-72FA3956507D};{BEF590BE-11A6-442A-A85B-656C1081E04C} dllhost.exe {3E5FC7F9-9A51-4367-9063-A120244FBEC7};{3E000D72-A845-4CD9-BD83-80C07C3B881F};{D2E7041B-2927-42fb-8E9F-7CE93B6DC937};{02B49784-1CA2-436C-BC08-72FA3956507D};{BEF590BE-11A6-442A-A85B-656C1081E04C} winlogon.exe;services.exe;lsass.exe;csrss.exe;wininit.exe;spoolsv.exe;searchindexer.exe powershell.exe;pwsh.exe;cmd.exe AUTHORI;AUTORI route ; ADD eventvwr.exe c:\windows\system32\mmc.exe fodhelper.exe InstallUtil.exe Invoke-PsUaCme BypassUAC PowerUp computerdefaults.exe dism.exe fodhelper.exe NT AUTHORITY\NETWORK SERVICE;NT AUTHORITY\LOCAL SERVICE;SERVICE LOCAL;ERVICE RÉSEAU;NETZWERKDIENST;LOKALER DIENST;NETZWERKDIENST;SERVICIO DE RED;ERVICIO LOC NT AUTHORITY\SYSTEM;СИСТЕМА;NT-AUTORITÄT\SYSTEM;AUTORITE NT\SYSTEM c:\windows\system32\svchost.exe -k netsvcs -s Appinfo runas.exe Cmd.Exe winlogon.exe utilman.exe Cmd.Exe winlogon.exe sethc.exe utilman.exe C:\Windows\System32\ATBroker.exe;Magnify.exe;C:\Windows\System32\osk.exe sethc.exe osk.exe Magnify.exe DisplaySwitch.exe Narrator.exe AtBroker.exe sdbinst.exe dwm.exe cmd.exe 7zFM.exe ;/c;-c cmd.exe elevation_service.exe System unknown process \LocalState\rootfs\ \LocalState\rootfs\ auditpol /set;-set;/restore;-restore;/clear;-clear;/remove;-remove;/resourceSACL;-resourceSACL +s;+h attrib.exe Hidden;Attributes powershell.exe Sysinternals Sysmon /u;/c;-u;-c C:\ProgramdData\sysmon\ MpCmdRun.exe Add-MpPreference;RemoveDefinitions;DisableIOAVProtection C:\Program Files (x86)\MspPlatform\RequestHandlerAgent\RequestHandlerAgent.exe IMPHASH=84B763C45C0E4A3E7CA5548C710DB4EE IMPHASH=19584675D94829987952432E018D5056 IMPHASH=330768a4f172e10acb6287b87289d83b PsKill.exe Set-MpPreference;Add-MpPreference;Remove-MpPreference;MpCmdRun.exe RemoveDefinitions;RemoveDynamicSignature;DisableIOAVProtection;DisableRealTimeMonitoring;DisableBehaviorMonitoring;DisableBlockAtFirstSeen;DisableIOAVProtection;DisablePrivacyMode;DisableScriptScanning;DisableRealtimeMonitoring;DisableScanningNetworkFiles;DisableScanningMappedNetworkDrivesForFullScan;DisableRestorePoint;DisableRemovableDriveScanning;SignatureDisableUpdateOnStartupWithoutEngine;DisableIntrusionPreventionSystem;DisableScanOnRealtimeEnable;DisableArchiveScanning;DisableIntrusionPreventionSystem;DisableScriptScanning;DisableOnAccessProtection;ExclusionExtension;ExclusionPath;ExclusionProcess;ThreatDefaultAction;TamperProtection interface ipv6 set interface ipv4 set taskkill.exe firewall delete ROGLiveService;C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe C:\Program Files\ASUS\ROG Live Service\RLSInstallAction.exe C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe firewall add cmd.exe;ROGLiveService;C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe;enable=yes C:\Program Files\ASUS\ROG Live Service\RLSInstallAction.exe C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe firewall set opmode disable Core Networking - Router Solicitation netsh advfirewall firewall wevtutil.exe cl wevtutil im wevtutil.exe im ClickToRun fltMC.exe detach;unload appcmd.exe DontLog;True iisetup.exe set;NGenAssemblyUsageLog New-ItemProperty;NGenAssemblyUsageLog reg;add;dword;NGenAssemblyUsageLog $env;NGenAssemblyUsageLog set;COMPlus_ETWEnabled New-ItemProperty;COMPlus_ETWEnabled reg;add;dword;COMPlus_ETWEnabled $env;COMPlus_ETWEnabled bash.exe;wsl.exe;ubuntu.exe;kali.exe -e;/e;-u root;--exec bash;dev/tcp;~ -d;~ /d wsl.exe wsl.exe wslhost.exe wslhost.exe ntsirlemes_deadpool ubuntu.exe ubuntu.exe kali.exe kali.exe distro-id;vm-id pcalua.exe pcalua.exe bash.exe bash.exe forfiles.exe forfiles.exe .com -appvscript C:\Users\NetworkService\;C:\Users\NetworkService\;HarddiskVolumeShadowCopy;C:\Users\Default\;C:\Users\Public;C:\Users\Guest\;\administrateur\;C:\Windows\Media\;C:\Windows\addins\;tsclient\;\htdocs\;\config\systemprofile\;C:\PerfLogs\;c:\windows\ServiceProfiles\;C:\Intel\Logs\;C:\Windows\repair\;C:\Windows\Help\;$Recycle;C:\Windows\Debug\;C:\Windows\Security\;C:\Windows\Fonts\;\wwwroot\;\Contacts;C:\Windows\vss\ C:\Windows\SysWOW64\config\systemprofile\Citrix\UpdaterBinaries\;\CitrixReceiverUpdater.exe .exe .7z.exe .doc.exe .doc.exe .docx.exe .ico.exe .iso.exe .lnk.exe .pdf.exe .ppt.exe .pptx.exe .rar.exe .rtf.exe .txt.exe .xls.exe .xlsx.exe .zip.exe ______.exe reg add hkcu\software\classes\ reg.exe add hkcu\software\classes\ C:\WINDOWS\system32\svchost.exe -k localService -s RemoteRegistry regedit.exe : reg.exe delete regedit.exe /d;-d HKCU:;HKLM remove-item HKCU:;HKLM set-item;new-item chcp.exe 936 1256 864 1258 855 866 powershell.exe -e ;-en;-enc;-enco;-encod;-encode;-encoded;-encodedc;-encodedco;-encodedcom;-encodedcomm;-encodedcomma;-encodedcomman;-encodedcommand;/e ;/en;/enc;/enco;/encod;/encode;/encoded;/encodedc;/encodedco;/encodedcom;/encodedcomm;/encodedcomma;/encodedcomman;/encodedcommand powershell.exe -w h;-wi h;-win h;-wind h;-windo h;-window h;-windows h;-windowst h;-windowsty h;-windowstyl h;-windowstyle h;/w h;/wi h;/win h;/wind h;/windo h;/window h;/windows h;/windowst h;/windowsty h;/windowstyl h;/windowstyle h powershell.exe -ex;/ex bypass C:\Programdata\Sysmon\SysmonUpdateConfig.ps1 C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe powershell.exe -noni;/noni Import-Module FileServerResourceManager C:\Program Files\LogicMonitor powershell.exe hextobin;iex;io.filestream;system.text;base64;system.io;io.file;IMAGE_SUBSYSTEM_WINDOWS_GUI;IMAGE_NT_OPTIONAL_HDR32;IMAGE_NT_OPTIONAL_HDR64;DllCharacteristicsType;GetDelegateForFunctionPointer;WriteProcessMemory;ReadProcessMemory;ImpersonateSelf;AdjustTokenPrivileges;NtCreateThreadEx;CreateRemoteThread;io.seek;iwr;-bxor;invoke-expression;remove.to.string;shellcode;System.Net.WebClient;System.Net.WebRequest;System.Net.SecurityProtocolType;unicode;-useb;msxml2.serverxmlhttp;wscript.shell;-comobject;frombase64;io.compression;system.convert;io.streamreader;io.memorystream;compression.gzipstream;text.encoding;executioncontext;text.enc;convertto-securestring;runtime.interop;verbosepreference;[[string]]::join powershell.exe SUVYI;aWV4I;SQBFAFgA;aQBlA;TW96aWxsYS;1vemlsbGEv;Nb3ppbGxhL;TQBvAHoAaQBsAGwAYQAv;0AbwB6AGkAbABsAGEAL;BNAG8AegBpAGwAbABhAC;UwB0AGE C^om^S^pEc;^c^o^m^S^p^E^c^;Wscript.Shell;-ComObject;MsXml2.ServerXmlHttp;Remove.ToString;System.Convert;-UseB;[Byte[];^h^t^t^p;h"t"t"p IwAjACMAd;IyM=;SUVYI;aWV4I;SQBFAFgA;aQBlAHgA;TW96aWxsYS;1vemlsbGEv;Nb3ppbGxhL;TQBvAHoAaQBsAGwAYQAv;0AbwB6AGkAbABsAGEAL;BNAG8AegBpAGwAbABhAC WindowStyle Hidden function;WindowStyle Hidden;windowstyle h;windowstyl h;windowsty h;windowst h;windows h;window h;windo h;wind h;win h;wi h;-w h;/w h;win hi;win hid;win hidd;win hidde;win hidden ^ TYPE CON > copy CON > FromBase64String;action=create keyvalue=;VerbosePreference.ToString;SecureString;CSharpCodeProvider;runtime.interopservices.marshal;system.globalization.numberstyles;system.reflection.assembly;hextobin;VerbosePreference.ToString;system.text.encoding;io.filestream;io.filestream;io.seekorigin;text.encoding;unicode.getstring;FromBase64;[Convert]::;System.IO.File]::ReadAllText;|iex ngen.exe;install certutil decode;encode ping.exe 0x csc.exe \AppData\;\Windows\Temp\ csc.exe wscript.exe cscript.exe mshta.exe mofcomp.exe .mof C:\WINDOWS\Installer\MSI MsMpEng.exe aspnet_regiis.exe msiexec.exe csc.exe out:;target:library Microsoft.Workflow.Compiler.exe autochk.exe \smss.exe;\fontdrvhost.exe;\dwm.exe \consent.exe;\Runtimebroker.exe;\TiWorker.exe \svchost.exe - \consent.exe;\Runtimebroker.exe;\TiWorker.exe svchost.exe - SearchProtocolHost.exe \SearchIndexer.exe;\dllhost.exe - dllhost.exe \services.exe;\svchost.exe - smss.exe \smss.exe System - csrss.exe - \smss.exe;svchost.exe wininit.exe - \smss.exe winlogon.exe \smss.exe \lsass.exe;LsaIso.exe \wininit.exe LogonUI.exe \wininit.exe;\winlogon.exe services.exe \wininit.exe svchost.exe - \MsMpEng.exe;\services.exe spoolsv.exe \services.exe taskhost.exe \services.exe;\svchost.exe userinit.exe \dwm.exe;\winlogon.exe \wmiprvse.exe;\wsmprovhost.exe;\winrshost.exe - \svchost.exe \SearchProtocolHost.exe;\taskhost.exe;\csrss.exe \werfault.exe;\wermgr.exe;\WerFaultSecure.exe;\NGenTask.exe autochk.exe \chkdsk.exe;\doskey.exe;\WerFault.exe smss.exe \autochk.exe;\smss.exe;\csrss.exe;\wininit.exe;\winlogon.exe;\setupcl.exe;\WerFault.exe wermgr.exe \WerFaultSecure.exe;\wermgr.exe;\WerFault.exe wermgr.exe wermgr.exe \rundll32.exe;\regsvr32.exe \explorer.exe;\wermgr.exe;\msra.exe;\OneDriveSetup.exe;\mobsync.exe;\xwizard.exe .exe conhost.exe \mscorsvw.exe;\wermgr.exe;\WerFault.exe;\WerFaultSecure.exe System.Management.Automation "C:\Windows\Microsoft.NET\Framework\;\ngen.exe;install InstallUtil.exe /logfile=;/LogToConsole=false;/U InstallUtil.exe -logfile=;-LogToConsole=false;-U Mavinject.exe;mavinject64.exe INJECTRUNNING CMSTP.exe /ni;/s CMSTP.exe /ns;/s CMSTP.exe -ni;-s CMSTP.exe -ns;-s rundll32.exe;shell32.dll;_RunDLL C:\Windows\ImmersiveControlPanel\SystemSettings.exe C:\Windows\System32\appwiz.cpl odbcconf.exe /S /A {REGSVR;-S -A {REGSVR script:http Register-cimprovider Scriptrunner.exe -appvscript bginfo cbd runscripthelper.exe surfacecheck xwizard RunWizard PresentationHost driver executeinf control.exe /name;control.exe -name Control_RunDLL SyncAppvPublishingServer.exe Scriptrunner.exe ATBroker.exe Appvlp.exe InfDefaultInstall.EXE PresentationHost.exe RegisterCimProvider2.exe RegisterCimProvider.exe ScriptRunner.exe csi.exe extexport.exe msconfig.EXE rasdlui.exe tttracer.exe verclsid.exe wab.exe Register-cimprovider.exe csi.exe devtoolslauncher.exe LaunchForDeploy bginfo devtoolslauncher.exe wab.exe wsreset.exe cmstp.exe /ni /s;cmstp.exe -ni -s cmstp /ni /s;cmstp -ni -s Mavinject.exe INJECTRUNNING rundll32.exe DllRegisterServer xapauthenticodesip.dll regsvr32.exe C:\Users;Appdata;Temp regsvr32.exe C:\Users;Public Microsoft(C) Register Server SyncAppvPublishingServer.exe control.exe rasautou.exe control.exe /name;control.exe -name Control_RunDLL msiexec.exe /y;-y C:\Windows\SysWOW64\DartSock.dll C:\Windows\SysWOW64\ImageViewer2.OCX C:\Windows\SysWOW64\SysTray.ocx C:\Windows\SysWOW64\tdbg6.ocx C:\Windows\SysWOW64\tdbg7.ocx C:\Windows\SysWOW64\tdbg7.ocx C:\Windows\SysWOW64\todg7.ocx C:\Windows\SysWOW64\todgub7.dll C:\Windows\SysWOW64\xarraydb.ocx msiexec.exe /i;-i http RUNDLL32.EXE ,;# C:\Windows\resources\themes\Aero\AeroLite.msstyles uxtheme.dll ImageView_Fullscreen EDGEHTML.dll PhotoViewer.dll \AppData\Local\WebEx\WebEx\ RUNDLL32.EXE -sta;/sta RUNDLL32.EXE -localserver;/localserver RUNDLL32.EXE shell32.dll;OpenAs_RunDLL RUNDLL32.EXE powershell RUNDLL32.EXE url.dll;OpenURL RUNDLL32.EXE url.dll;FileProtocolHandler RUNDLL32.EXE zipfldr.dll;RouteTheCall RUNDLL32.EXE Shell32.dll;Control_RunDLL RUNDLL32.EXE javascript: RUNDLL32.EXE RegisterXLL rundll32.exe C:\Users;Public rdpinit.exe rdpinit.exe;G2MInstaller;GoToMeeting;LogMeIn;firefox.exe rundll32.exe C:\Users;Appdata;Temp ImageView_ rdpinit.exe rdpinit.exe;G2MInstaller;GoToMeeting;LogMeIn;firefox.exe advpack.dll;LaunchINFSection ieadvpack.dll;LaunchINFSection syssetup.dll;SetupInfObjectInstallAction setupapi.dll;InstallHinfSection InstallHinfSection infDefaultInstall.exe rundll32.exe "C:\Windows\twain_64.dll" shdocvw.dll;OpenURL advpack.dll;RegisterOCX Zipfldr.dll;RouteTheCall url.dll;FileProtocolHandler url.dll;FileProtocolHandler OpenURLA;file: OpenURL;file: mshta.exe cmd.exe;powershell.exe;wscript.exe;cscript.exe;sh.exe;bash.exe;reg.exe;regsvr32.exe;bitsadmin mshta.exe RunHTMLApplication mshtml vbscript:CreateObject odbcconf.exe manage-bde.wsf powershell.exe;powershell_ise.exe msbuild.exe msbuild.exe regasm.exe msbuild.exe userinit.exe msbuild.exe .xml regasm.exe \conhost.exe msbuild.exe .lnk .csproj msxsl.exe msxsl.exe /stext keylog keyscan_ Get-Keystrokes /scomma sniff C:\Program Files\Adobe\ tcpdump.exe;tcpdump.c;tshark.exe;tshark.c;windump.exe;windump.c;wireshark.c;wireshark.exe windump;tshark;tcpdump;windump;wireshark netsh;trace;start;capture=yes vssadmin.exe create;shadow wmic.exe shadowcopy;call;create wmic.exe call;create;esentutl;vss win32_shadowcopy;create;clientaccessible mklink;GLOBALROOT;Shadow copy;NTDS\ntds.dit ntdsutil.exe copy;System32\config\SYSTEM reg;save;HKLM mimikatz;mimidrv;mimilove;mimilib;sekurlsa;lsadump;dumpcreds;privilege::;token::;logonpasswords;mimikittenz;mimiauth;::;kerberos::;misc::skeleton;privilege::debug;dpapi::cred;vault::cred;lsadump;misc::;Krbtgt;TOKEN::;invoke-mimi cmdkey rpcping.exe nltest.exe -ma lsass.exe;Do-Exfiltration;Powersploit;GPPPassword;gpprefdecrypt;gsecdump;hashdump;laZagne;ntds.dit;ppldump;pwdump;pwdumpx;secretsdump;/listcreds:;-listcreds: VaultCloseVault VaultEnumerateItem VaultFree VaultGetItem VaultOpenVault Vaultcmd vaultcli.dll select * from moz_login Invoke-WinEnum System.Net.CredentialCache create shadow wlan;export;profile;key=clear dcsync HKCU /f password;HKCU -f password HKLM /f password;HKLM -f password nltest.exe ProcDump.exe ProcDump asktgt;asktgs createnetonly /program:;createnetonly -program: dump /service:krbtgt;dump -service:krbtgt harvest /interval:;harvest -interval: renew /ticket:;renew -ticket: asreproast impersonateuser: kerberoast ptt /ticket: klist.exe hh.exe appcmd.exe list;text;password quser.exe net.exe;net1.exe;net2.exe group;localgroup; user /domain SUService \users tvsu_tmp net.exe;net1.exe;net2.exe group;localgroup; user /domain SUService \users tvsu_tmp sharphound;bloodhound;azurehound;CollectionMethod;encryptzip;randomizefilenames;dumpcomputerstatus sharphound;bloodhound sharphound;bloodhound sharphound;bloodhound sharphound;bloodhound sharphound;bloodhound sharphound;bloodhound dscl . list /Groups;dscl . list -Groups dscl . list /Users;dscl . list -Users dsquery.exe query.exe tree.com auditpol /get;-get;/list;-list;/backup;-backup gpresult.exe get-gpo;get-gpresult;get-gpreg tasklist.exe qprocess.exe reg query reg.exe query driverquery.exe tracert.exe pathping.exe find;385201 select-string;385201 find;virus select-string;virus process;Description;virus find;cb select-string;cb process;Description;cb find;defender select-string;defender process;Description;defender find;crowdstrike select-string;crowdstrike process;Description;crowdstrike find;sentinel select-string;sentinel process;Description;sentinel find;nessusd select-string;nessusd process;Description;nessusd find;td-agent select-string;td-agent process;Description;td-agent find;cbagentd select-string;cbagentd process;Description;cbagentd find;sysmon select-string;sysmon process;Description;sysmon find;winlogbeat select-string;winlogbeat process;Description;winlogbeat find;winlogbeat select-string;winlogbeat process;Description;winlogbeat find;csfalcon select-string;csfalcon process;Description;csfalcon find;splunk select-string;splunk process;Description;splunk find;sidecar select-string;sidecar process;Description;sidecar find;nxlog select-string;nxlog process;Description;nxlog find;lpagent select-string;lpagent process;Description;lpagent fltMC.exe misc::mflt AntiVirusProduct root\SecurityCenter2 sysinfo.exe systeminfo netsh.exe get;list;show netsh.exe get;list;show ipconfig.exe netstat.exe arp -a arp.exe -a arp -a whoami.exe;whoami1.exe wmic.exe get;useraccount netsh.exe add;set encryption;dohtemplate netsh.exe add;del;set nbtstat nessus route.exe print route.exe ADD;DEL;CHANGE;-f qwinsta.exe rwinsta.exe Microsoft Office\root\Office Microsoft Office\root\Office automation;Embedding admin$ davclnt.dll WebClientGroup /shadow;-shadow noConsentPrompt tscon.exe dest:rdp-tcp: powershell.exe WmiPrvSE.exe WmiPrvSE.exe \Users\ NetworkDetective WmiPrvSE.exe sc.exe tenable WmiPrvSE.exe cmd.exe WmiPrvSE.exe do_vbsUpload;Spiceworks regsvr32.exe WmiPrvSE.exe cmd.exe WmiPrvSE.exe powershell.exe WmiPrvSE.exe dsa.msc virtmgmt.msc wmiprvse.exe CompMgmtLauncher.exe DismHost.exe Microsoft.NET\Framework NetEvtFwdr.exe ServerManager.exe WerFault.exe chcp.com g2mupdate.exe slack.exe wsmprovhost.exe cmd.exe sh.exe bash.exe wsl.exe powershell.exe powershell_ise.exe schtasks.exe at.exe certutil.exe mshta.exe whoami.exe ping.exe ping.exe bitsadmin.exe winrm.cmd winrs.exe winrshost.exe waitfor.exe wsmprovhost.exe winrshost.exe wsmprovhost.exe wmiprvse.exe mshta.exe ssh.exe;putty.exe;kitty.exe;kitty_portable.exe PuTTY suite sftp;psftp rundll32.exe rundll32.exe ..\;, rundll32.exe ,StartW psshutdown psservice PsPasswd mstsc.exe telnet.exe tftp.exe powershellcustomhost -Embedding c:\windows\system32\mmc.exe --execm;atexec {4991d34b-80a1-4291-83b6-3328366b9097} {00020812-0000-0000-C000-000000000046} {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91} {7e0423cd-1119-0928-900c-e6d4a52a0715} {0006F04A-0000-0000-C000-000000000046} {048EB43E-2059-422F-95E0-557DA96038AF} {13709620-C279-11CE-A49E-444553540000} {c08afd90-f2a1-11d1-8455-00a0c91f3880} 9BA05972-F6A8-11CF-A442-00A0C90A8F39 {00021A20-0000-0000-C000-000000000046} {72C24DD5-D70A-438B-8A42-98424B88AFB8} {00020906-0000-0000-C000-000000000046} {cc5bbec3-db4a-4bed-828d-08d78ee3e1ed} {1b7cd997-e5ff-4932-a7a6-2a9e636da385} {16d51579-a30b-4c8b-a276-0ff4dc41e755} rundll32.exe -sta;rundll32.exe /sta;rundll32 -sta;rundll32 /sta shell32.dll;SHCreateLocalServerRunDll -k DcomLaunch;/k DcomLaunch 7z.exe a -mx9 -r0 -p;a -v500m -mx9 -r0 -p 7z 7z winrar winrar winrar winrar winzip winzip Compress-Archive WindowsAudioDevice-Powershell-Cmdlet SoundRecorder.exe clip.exe get-clipboard New-MailboxExportRequest add-pssnapin;exchange;new-managementroleassignment;applicationimpersonation screencapture system.drawing.Imaging system.drawing.bitmap system.windows.forms.screen odHRwczovL;aHR0cDovL;h0dHA6Ly;odHRwOi8v;aHR0cHM6Ly;h0dHBzOi8v ie_to_edge_stub.exe;chrome.exe;firefox.exe;iexplore.exe;brave.exe;vivaldi.exe;msedge.exe;webex;teams.exe;goto opener.exe;lynx.exe;\Webex\webexAppLauncherLatest.exe;\WebEx\webexAppLauncher.exe;\WebEx\Applications\webexAppLauncher.exe;WebEx\webex.exe;C:\PROGRA~2\BEANYW~1\GETSUP~1\TCIntegratorCommHelper.exe wbx:;/SITE_TOKEN=;msteams:;PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSI;NCentralRDLdr.exe msedgeupdate.dll C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe;NCentralRDLdr.exe VFZvQUFBQ;RWb0FBQU;UVm9BQUFB;VFZxQUFBR;RWcUFBQU;UVnFBQUFF;VFZwUUFBS;RWcFFBQU;UVnBRQUFJ;VFZxUUFBT;RWcVFBQU;UVnFRQUFN;VFZwVEFRR;RWcFRBUU;UVnBUQVFF powershell.exe AAAAYInlM;OiCAAAAYInlM;OiJAAAAYInlM;RwBlAHQAL;WwBOAGUAdAAuAFM;W05ldC5TZXJ2aWNl Г;И;К;П;д;и;к;л;л;н;н;о;ф;ե;թ;յ;ն;ն;ն;ն;տ;ւ;ք certutil.exe urlcache;split;f DownloadFile;DownloadString;Net.WebClient;System.Net.WebRequest;System.Net.SecurityProtocolType;Invoke-Expression;Invoke-WebRequest powershell.exe;cmd.exe bitsadmin.exe CREATE;TRANSFER;DOWNLOAD;UPLOAD;ADDFILE;SetNotifyFlags;SetNotifyCmdLine;SetMinRetryDelay;SetCustomHeaders;RESUME util;setieproxy;localsystem;AUTODETECT BITS administration utility CREATE;TRANSFER;DOWNLOAD;UPLOAD;ADDFILE;SetNotifyFlags;SetNotifyCmdLine;SetMinRetryDelay;SetCustomHeaders;RESUME \curl.exe;\wget.exe;\www.exe \curl.exe;\wget.exe;\www.exe certutil split;f certutil verifyctl;URL C:\Perflogs\;C:\Users\Public\;C:\root\ C:\Perflogs\;C:\Users\Public\;C:\root\ start-bitstransfer expand;\\ expand.exe;\\ ieexec http ieexec.exe http powercat esentutl /y \\;esentutl -y \\ esentutl.exe /y \\;esentutl.exe -y \\ extrac32;\\ extrac32.exe;\\ portproxy tor.exe TeamViewer_Desktop.exe psexec winscp.exe;winscp.com;scp.exe;pscp bitch.exe;bitch.bat;bitch_lasagna.exe;Admin Cracker.exe;BulletsPassView.exe;ChromePass.exe;Dialupass.exe;LSASecretsView.exe;OpenedFilesView.exe;OperaPassView.exe;PasswordFox.exe;ProduKey.exe;RouterPassView.exe;USBDeview.exe;USBStealer.exe;VNCPassView.exe;WebBrowserPassView.exe;WirelessKeyView.exe;WirelessKeyView.exe;empv.exe;netpass.exe;pspv.exe;usbdll.exe;rdpv.exe;WirelessKeyView.exe;lasagna.exe;all -vvv >>;rsync -r CredsLeaker;Windows.Security.Credentials.UI.CredentialPicker;function Leaker;function Await .exe -url https://;dll,Run https://;Invoke-Merlin;-m SimpleHTTPServer;/m SimpleHTTPServer -q=txt;/q=txt nslookup.exe rclone Rsync for cloud storage rclone rclone \rclone s3browser s3browser s3browser s3browser add-ftp;.UploadFile( ftp.exe rundll32.exe davclnt.dll;DavSetCookie bcdedit.exe safeboot bootcfg.exe safeboot -startvm;vrun.exe -vm vssadmin.exe delete;resize wmic.exe shadowcopy;delete wbadmin.exe SYSTEMSTATEBACKUP;delete wmic.exe wmic shadowstorage SET MaxSpace= wmic.exe cleareventlog;call disable;nteventlog where filename diskpart.exe format;clean;delete;remove manage-bde.exe changepin;changepassword;changekey;wipefreespace;lock;/on;-on;/off;-off;-add;/add;-pw;/pw manage-bde.wsf changepin;changepassword;changekey;wipefreespace;lock;/on;-on;/off;-off;-add;/add;-pw;/pw format bootstatuspolicy ignoreallfailures recoveryenabled No Win32_Shadowcopy sdelete delete catalog wbadmin delete catalog erase -nw;-exec= /nw;/exec= -p;-nw /p;/nw shred diskshadow del ; /f del ; -f rmdir ; /s ; /q rmdir ; -s ; -q rd ; /s ; /q rd ; -s ; -q usn deletejournal fsutil.exe usn;deletejournal AdjustTokenPrivileges;IMAGE_NT_OPTIONAL_HDR64_MAGIC;LSA_UNICODE_STRING;Management.Automation.RuntimeException;Metasploit;Microsoft.Win32.UnsafeNativeMethods;Mimikatz;MiniDumpWriteDump;Net.Sockets.SocketFlags;PAGE_EXECUTE_READ;ReadProcessMemory.Invoke;Reflection.Assembly;Runtime.InteropServices;SECURITY_DELEGATION;SE_PRIVILEGE_ENABLED;System.Runtime.InteropServices;System.Security.Cryptography;TOKEN_ADJUST_PRIVILEGES;TOKEN_ALL_ACCESS;TOKEN_ASSIGN_PRIMARY;TOKEN_DUPLICATE;TOKEN_ELEVATION;TOKEN_IMPERSONATE;TOKEN_INFORMATION_CLASS;TOKEN_PRIVILEGES;TOKEN_QUERY;powerkatz C:\Program Files;\LightingService\AsusInstallVerifier.exe ahashpool;blazepool;blockmasters;blockmasterscoins;ccminer;cgminer;coinhive;hashrefinery;minergate;miningpoolhubcoins;nicehash;poolname;poolpassword;poolurl;rainbowminer;sgminer;stratum+tcp;xmrMiner;xmrig;yiimp;zergpool;zergpoolcoins;zpool CPU miner;GPU miner;Lime Miner;XMRig CPU miner; miner b91ce2fa41029f6955bff20079468448;02af7cec58b9a5da1c542b5a32151ba1;2c4a910a1299cdae2a4e55988a2f102e;846e27a652a5e1bfbd0ddd38a16dc865;4f2eb62fa529c0283b28d05ddd311fae;56ceb6d0011d87b6e4d7023d7ef85676 87AECF008D87EC86EC8B00A2394B3E6C FB3F0D0DE8B80EA8CFAB2A025EC6B833 F4067FBF7FFF6945D0BB485B727B39AA 4a069c1abe5aca148d5a8fdabc26751e;c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1;304772c80b157a916c7041f2f15939fb;291ff87948e45914424cec9510c297da;a4b42c2c95d1f2ff12171a01c86cd64f;98908ce6f80ecc48628c8d2bf5b2a50c;849a2b0dc80aeca3d175c139efe5221c;807d86da63f0db1fc746d1f0b05bc357;322cb39bc049aa69136925137906d855;86A4CAC227078B9C95C560C8F0370BF0;36dd195269979e01a29e37c488928497;7d9d29c1c03461608bcab930fef2f568;eac3e3ece94bc84e922ec077efb15edd;b4abe604916c04fe3dd8b9cb3d501d3f;88777aacd5f16599547926a4c9202862;128CECC59C91C0D0574BC1075FE7CB40;17a36ac3e31f3a18936552aff2c80249;0f49621b06f2cdaac8850c6e9581a594;3d129263f6a48647f103a04446fb0c2f;71345b139166482acaa568ac8816c7bc;1b60021baedc3f9201bcdb40e9b87f62;5E022694C0DBD1FBBC263D608E577949;cd4b9d0f2d1c0468750855f0ed352c1ed6d4f512d66e0e44ce308688235295b5;b017b9fc2484ce0a5629ff1fed15bca9f62f942eafbb74da6a40f40337187b04;2010f38ef300be4349e7bc287e720b1ecec678cacbf0ea0556bcf765f6e073ec;6a251ed6a2c6a0a2be11f2a945ec68c814d27e2b6ef445f4b2c7a779620baa11;5b102bf4d997688268bab45336cead7cdf188eb0d6355764e53b4f62e1cdf30c;37cd353621b0f4fc6981b50071c94f01;daf2da52475fd8981b19ec3c321a983c;afcdf79be1557326c854b6e20cb900a7;2f40abbb4f78e77745f0e657a19903fc953cc664;37b4496e650b3994312c838435013560b3ca8571;478dc5a5f934c62a9246f7d1fc275868f568bc07;1a2ab4df156ccd685f795baee7df49f8e701f271d3e5676b507112e30ce03c42;2c1d3d0a9c6f76726994b88589219cb8d9c39dd9924bc8d2d02bf41d955fe326;5c776a33568f4c16fee7140c249c0d2b1e0798a96c7a01bfd2d5684e58c9bb32;5fc4b0076eac7aa7815302b0c3158076e3569086c4c6aa2f71cd258238440d14;08c34c6ac9186b61d9f29a77ef5e618067e0bc9fe85cab1ad25dc6049c376949;758598370c3b84c6fbb452e3d7119f700f970ed566171e879d3cb41102154272;bef59b9a3e00a14956e0cd4a1f3e7524448cbe5d3cc1295d95a15b83a3579c59;c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1;c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1;e8542c07b2af63ee7e72ce5d97d91036c5da56e2b091aa2afe737b224305d230;0ac48cfa2ff8351365e99c1d26e082ad;0e9afd3a870906ebf34a0b66d8b07435;1aadf739782afcae6d1c3e4d1f315cbd;2a6f7ec77ab6bd4297e7b15ae06e2e61;3a771efb7ba2cd0df247ab570e1408b2;3d75c72144d873b3c1c4977fbafe9184;3dfebce4703f30eed713d795b90538b5;3ffd2915d285ad748202469d4a04e1f5;4e39620afca6f60bb30e031ddc5a4330;6cfd131fef548fcd60fbcdb59317df8e;7bcd736a2394fc49f3e27b3987cce640;7bfba2c69bed6b160261bdbf2b826401;7bfbd72441e1f2ed48fbc0f33be00f24;7c733607a0932b1b9a9e27cd6ab55fe0;7d5265e814843b24fcb3787768129040;08e82dc7bae524884b7dc2134942aadb;8da15a97eaf69ff7ee184fc446f19cf1;9ad6fa6fdedb2df8055b3d30bd6f64f1;9c115e9a81d25f9d88e7aaa4313d9a8f;16ab79fb2fd92db0b1f38bedb2f02ed8;21feb6aa15e02bb0cddbd544605aabad;21feb6aa15e02bb0cddbd544605aabad;22d142f11cf2a30ea4953e1fffb0fa7e;36db24006e2b492cafb75f2663f241b2;51a7068640af42c3a7c1b94f1c11ab9d;69a19abf5ba56ee07cdd3425b07cf8bf;72dc98449b45a7f1ccdef27d51e31e91;77a745b07d9c453650dd7f683b02b3ed;80c37e062aa4c94697f287352acf2e9d;92f8e3f0f1f7cc49fad797a62a169acd;235d427f94630575a4ea4bff180ecf5d;320b2f1d9551b5d1df4fb19bd9ab253a;490a140093b5870a47edc29f33542fd2;520ee02668a1c7b7c262708e12b1ba6b;649ef1dd4a5411d3afcf108d57ff87af;684eca6b62d69ce899a3ec3bb04d0a5b;815f1f8a7bc1e6f94cb5c416e381a110;0969b2b399a8d4cd2d751824d0d842b4;2317d65da4639f4246de200650a70753;04078ef95a70a04e95bda06cc7bec3fa;8035a8a143765551ca7db4bc5efb5dfd;8403a28e0bffa9cc085e7b662d0d5412;9003cfaac523e94d5479dc6a10575e60;9793afcea43110610757bd3b800de517;27612cb03c89158225ca201721ea1aad;44619a88a6cff63523163c6a4cf375dd;061089d8cb0ca58e660ce2e433a689b3;81229c1e272218eeda14892fa8425883;84730a6e426fbd3cf6b821c59674c8a0;533340c54bd25256873b3dca34d7f74e;57314359df11ffdf476f809671ec0275;99828721ac1a0e32e4582c3f615d6e57;412956675fbc3f8c51f438c1abc100eb;5985087678414143d33ffc6e8863b887;a43d3b31575846fa4c3992b4143a06da;a571660c9cf1696a2f4689b2007a12c7;b4e67706103c3b8ee148394ebee3f268;b9c208ea8115232bfd9ec2c62f32d6b8;b9cf4301b7b186a75e82a04e87b30fe4;b72737b464e50aa3664321e8e001ff32;bfe3f6a79cad5b9c642bb56f8037c43b;c0e72eb4c9f897410c795c1b360090ef;c1e7850da5604e081b9647b58248d7e8;c3e255888211d74cc6e3fb66b69bbffb;cacaa3bf3b2801956318251db5e90f3c;cdb303f61a47720c7a8c5086e6b2a743;ce8ce92fb6565181572dce00d69c24f8;d8f1356bebda9e77f480a6a60eab36bb;d9e9f22988d43d73d79db6ee178d70a4;d5377dc1821c935302c065ad8432c0d2;df91b86189adb0a11c47ce2405878fa1;e17bd40f5b5005f4a0c61f9e79a9d8c2;f559c87b4a14a4be1bd84df6553aaf56;fc53f2cd780cd3a01a4299b8445f8511;ffc7305cb24c1955f9625e525d58aeee e96a73c7bf33a464c510ede582318bf2;a53a02b997935fd8eedcb5f7abab9b9f d326e629a90e78825645963b35e53a6a;c579341f86f7e962719c7113943bb6e4;dc5733c013378fa418d13773f5bfe6f1;b8fcd4a3902064907fb19e0da3ca7aed72a7e6d1f94d971d1ee7a4d3af6a800d;965884f19026913b2c57b8cd4a86455a61383de01dabb69c557f45bb848f6c26;4a069c1abe5aca148d5a8fdabc26751e;dc7e564809d6c2a2f3457c3c9b91f22b;FE2CA1BE3BDA2A757036A89E54CC02DB;5470f0644589685000154cb7d3f60280acb16e39ca961cce2c016078b303bc1b 53841a0c6a3ff92976db08bfdf95e083 zoommtg pwd= zoommtg zc=0 zoommtg zc=1 msteams: wbx: C:\Users\ \Downloads\ C:\Users\ \Desktop\ \awk.exe;\sed.exe C:\Users\Public\;$Recyclebin;\Desktop\;\Content.Outlook\ C:\Users\Public\;$Recyclebin;\Desktop\;\Content.Outlook\;\Downloads\ .html;.hta;.iso;.js;.bat;.cmd;.cmdline;.vbs;.vb;.vbe;.reg;.com -s -n -u -i:http: /s /n /u /i:http: listena assoc del expand md move rd ren set setx bginfo.bgi /popup /nolicprompt;bginfo.bgi -popup -nolicprompt find.exe grabff routerscan pythonEngine.Execute sesshijack file:// HTML Application host Manager Profile Installer Microsoft Application Virtualization Injector Application Compatibility Database Installer popd.exe pushd.exe subst.exe doskey.exe cls.exe \ C:\Windows\system32\svchost.exe -k iissvcs \ acrobat.exe acrord32.exe java.exe C:\ProgramData\Cavelo\jre\bin\java.exe javaw.exe C:\Windows\system32\svchost.exe cacls.exe takeown.exe /x Macro \pipe\ > /noprofile /sc ONEVENT \\VBOXSVR | more |more \\tsclient %PROCESSOR_ARCHITECTURE% sysnative AutoIt Microsoft Filter Loader more.com :\Windows\Microsoft.NET\ acrord32.exe gpupdate.exe :\Windows\Microsoft.NET\ System explorer.exe \regedit.exe;\cmd.exe;terminal;\powershell C:\Windows\System32\WerFault.exe C:\Windows\System32\wbem\WmiPrvSE.exe C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe C:\Users C:\ProgramData \Temp\ \tmp\ \drivers\ \Download C:\Windows\system32\backgroundTaskHost.exe TrustedInstaller.exe OneDrive.exe vivaldi.exe chrome.exe C:\WINDOWS\system32\backgroundTaskHost.exe setup AppData\Local\Microsoft\Teams\current\Teams.exe \AppData\Local\Microsoft\Edge SxS\Application\msedge.exe census researchscan scanhub shadow shodan 137.184.67.33;206.188.196.77;125.212.220.48;5.180.61.17;47.242.39.92;61.244.94.85;86.48.6.69;86.48.12.64;94.140.8.48;94.140.8.113;103.9.76.208;103.9.76.211;104.244.79.6;112.118.48.186;122.155.174.188;125.212.241.134;185.220.101.182;194.150.167.88;212.119.34.11 137.184.67. httpbin.org advanced-ip-scanner.com kali.download wscript.exe at.exe schtasks.exe \temp\ 127.0.0.1 \wwwroot\ \Windows\addins\ C:\Windows\repair\ \htdocs\ C:\Windows\system32\config\systemprofile\ C:\Intel\Logs\ C:\Windows\addins\ C:\Windows\security\ C:\Windows\Help\ $RECYCLE.BIN C:\Windows\Debug\ C:\Windows\Fonts\ C:\PerfLogs\ :\$Recycle.bin\ :\Users\Default\ C:\Users\NetworkService\ C:\Users\Public\ C:\Windows\Media\ \Windows\IME\ C:\ProgramData CSC.exe infDefaultInstall.exe SyncAppvPublishingServer.exe InstallUtil.exe msiexec.exe regasm.exe;regsvcs.exe Mavinject.exe msbuild.exe dsquery.exe driverquery.exe nbtstat.exe net.exe net1.exe qwinsta.exe rwinsta.exe true 3389 AutomationManager.ScriptRunner64.exe C:\Program Files (x86)\VMware\VMware Remote Console\vmrc.exe C:\Program Files\VMware\VMware Remote Console\vmrc.exe C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_ CtxLicUsageRecorder.exe FSAssessment.exe FSDiscovery.exe MobaRTE.exe RDCMan.exe RSSensor.exe RTS2App.exe RTSApp.exe RemoteDesktopManager64.exe RemoteDesktopManager.exe RemoteDesktopManagerFree.exe Terminals.exe chrome.exe mRemote.exe mRemoteNG.exe mstsc.exe spiceworks-finder.exe svchost.exe thor64.exe thor.exe C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe SentinelRanger.exe true 3391 AutomationManager.ScriptRunner64.exe C:\Program Files (x86)\VMware\VMware Remote Console\vmrc.exe C:\Program Files\VMware\VMware Remote Console\vmrc.exe C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_ CtxLicUsageRecorder.exe FSAssessment.exe FSDiscovery.exe MobaRTE.exe RDCMan.exe RSSensor.exe RTS2App.exe RTSApp.exe RemoteDesktopManager64.exe RemoteDesktopManager.exe RemoteDesktopManagerFree.exe Terminals.exe chrome.exe mRemote.exe mRemoteNG.exe mstsc.exe spiceworks-finder.exe svchost.exe thor64.exe thor.exe true 3389 127.0.0.1;0:0:0:0:0:0:0:1 C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe true 3389 fe80:0 putty.exe;kitty.exe;kitty_portable.exe wsmprovhost.exe psftp.exe reg.exe psshutdown PsPasswd psservice ssh.exe psexe tftp.exe telnet.exe mstsc.exe wmic.exe sc.exe pskill dsquery.exe plink.exe vnc.exe vncviewer.exe vncservice.exe omniinet.exe hpsmhd.exe 50050 true 25 \Bin\EdgeTransport.exe;Bin\MSExchangeFrontendTransport.exe true powershell.exe 0:0:0:0:0:0:0:;127.0.0.1 mshta.exe cmd.exe certutil.exe bitsadmin.exe notepad.exe regsvcs.exe regsvr32.exe rundll32.exe tor.exe hiddenservice.net;onion.city;onion.direct;onion.direct;onion.link;onion.nu;onion.pet;onion.plus;onion.rip;onion.sh;onion.sh;onion.si;onion.to;onion.top;onion.ws;tor-gateways.de;tor2net.com;tor2web.blutmagie.de;tor2web.fi;tor2web.info;tor2web.io;tor2web.org;onion.to dns.google;cloudflare-dns.com;mozilla.cloudflare-dns.com;dns.233py.com;dns.aaflalo.me;doh.opendns.com;.quad9.net;dns.cleanbrowsing.org;dns-family.adguard.com;dns.adguard.com;.233py.com;dnscrypt;dnscrypt-cert.oszx.co;dns.oszx.co;doh.dns.sb;doh.defaultroutes.de;doh.tiarap.org;doh.tiar.app;doh.captnemo.in;.aaflalo.me;doh.appliedprivacy.net;doh.dnswarden.com;commons.host;dns.twnic.tw;ibuki.cgnat.net;doh.xfinity.com;dns.nextdns.io;dns.dnsoverhttps.net;doh.crypto.sx;doh.powerdns.org;.blahdns.com;dns.rubyfish.cn;dns.containerpi.com;.seby.io;rdns.faelix.net;doh.li;.armadillodns.net;doh.netweaver.uk;doh.42l.fr;dns.aa.net.uk;adblock.mydns.network;ibksturm.synology.me;jcdns.fun privatlab.com mega.nz;mega.co.nz .pcloud.com 0x1f4b0.com;1q2w3.life;1q2w3.website;31.187.64.216;185.193.38.148;aalbbh84.info;adfreetv.ch;adless.io;adplusplus.fr;adrenali.gq;ajcryptominer.com;ajplugins.com;allfontshere.press;altavista.ovh;amhixwqagiz.ru;analytics.blue;appelamule.com;arizona-miner.tk;aster18cdn.nl;aster18prx.nl;avero.xyz;averoconnector.com;bauersagtnein.myeffect.net;bhzejltg.info;blazepool;blockmasters;blockmasterscoins;bmnr.pw;bmst.pw;bohemianpool;carry.myeffect.net;cashbeet.com;cdn-code.host;cfceu.duckdns.org;cfcnet.gdn;cfcnet.top;cfcs1.duckdns.org;chainblock.science;cieh.mx;coin-hive.com;coin-service.com;coin-services.info;coiner.site;coinpirate.cf;coinrail.io;coinwebmining.com;cpu2cash.link;cryptaloot.pro;cryptmonero;crypto-loot.com;crypto-pool;crypto-webminer.com;cryptoloot.pro;d-ns.ga;dataservices.download;directprimal.com;dwarfpool;encoding.ovh;estream.to;eth-pocket.com;eth-pocket.de;eth-pocket.eu;ethereum-pocket.de;ethereum-pocket.eu;ethtrader.de;eu.sushipool.com;f1tbit.com;flnqmin.org;freecontent.bid;freecontent.date;freecontent.loan;freecontent.racing;freecontent.stream;freecontent.win;gnrdomimplementation.com;graftpool.ovh;greenindex.dynamic-dns.net;gustaver.ddns.net;hashrefinery;hashvault.pro;herphemiste.com;hide.ovh;hk.rs;hlpidkr.ru;hodlers.party;hodling.faith;hostingcloud.win;hrfziiddxa.ru;ihdvilappuxpgiv.ru;imhvlhaelvvbrq.ru;insdrbot.com;irrrymucwxjl.ru;istlandoll.com;ivuovhsn.ru;iwanttoearn.money;ixvenhgwukn.ru;jqassets.download;jqr-cdn.download;jqrcdn.download;jquerrycdn.download;jqwww.download;jqxrrygqnagn.ru;jscoinminer.com;jwduahujge.ru;ksimdw.ru;l33tsite.info;laferia.cr;ledhenone.com;ltstyov.ru;mepirtedic.com;mine.bz;minercircle.com;minercry.pt;minergate;minero.cc;miners.pro;minescripts.info;mininghub.club;miningpoolhubcoins;minr.pw;mixpools.org;mmc.center;mollnia.com;monerise.com;monero.lindon-pool.win;monero;moriaxmr.com;munero.me;mxcdn1.now.sh;mxcdn2.now.sh;myadstats.com;mypool.online;nablabee.com;nanopool.org;nathetsof.com;nicehash;nimiqpool.com;nimpool.io;node.philpool.com;npcdn1.now.sh;nunu-001.now.sh;ogondkskyahxa.ru;ogrid.org;oinkinns.tk;olecintri.com;omine.org;onvid.club;open-hive-server-1.pp.ua;oxwwoeukjispema.ru;pcejuyhjucmkiny.ru;pool.nimiq.watch;pool.nimiqchain.info;pool.porkypool.com;pool.xmr;poolto.be;prohash.net;prohash;proj2018.xyz;pzoifaum.info;ratchetmining.com;realnetwrk.com;reauthenticator.com;rove.cl;ruvuryua.ru;s7ven.com;scaleway.ovh;sentemanactri.com;sickrage.ca/ch;sighash.info;slushpool;soodatmish.com;sparechange.io;statdynamic.com;stati.bid;staticsfs.host;streamplay.to;supportxmr;suprnova.cc;svivqrhrh.ru;sxcdn02.now.sh;sxcdn3.now.sh;sxcdn4.now.sh;sxcdn6.now.sh;synconnector.com;teracycle.net;tercabilis.info;thelifeisbinary.ddns.net;thersprens.com;torrent.pw;ulnawoyyzbljc.ru;unrummaged.com;uoldid.ru;usxmrpool;viaxmr.com;vpzccwpyilvoyg.ru;vzzexalcirfgrf.ru;wbmwss.beetv.net;webmine.cz;webmine.pro;webminepool.tk;webminerpool.com;webwidgetz.duckdns.org;wmemsnhgldd.ru;wmtech.website;wmwmwwfmkvucbln.ru;wrxgandsfcz.ru;xmrm.pw;xmrminingproxy.com;xmrpool;yiimp;yuyyio.com;zavzlen.ru;zergpool;zergpoolcoins;ziykrgc.ru;zlx.com.br;zpool C:\Windows\system32\svchost.exe 3389 22 21 5985 false C:\Windows\system32\svchost.exe true 135 445 5985 System svchost.exe 445 System svchost.exe;lsass.exe 389 C:\Windows\System32\lsass.exe 389 127.0.0.1;0:0:0:0:0:0:0:1;fe80:0 EXCH 127.0.0.1;0:0:0:0:0:0:0:1;fe80:0 false notepad.exe 127.0.0.1 \iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;\opera.exe 80 443 true github githubusercontent.com dropboxapi.com \Dropbox\Client\Dropbox.exe;\Dropbox\bin\Dropbox.exe;\Oracle\Java\ 1drv C:\Program Files\Microsoft OneDrive\OneDrive.exe;\AppData\Local\Microsoft\OneDrive\OneDrive.exe;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe;\Internet Explorer\iexplore.exe;C:\Windows\System32\AppHostRegistrationVerifier.exe;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe;C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe;C:\Program Files\Mozilla Firefox\firefox.exe .box.com;upload mega.nz;mega.co.nz privatlab.com tiktok;parler.com;gab.com;mewe.com;4chan;8chan;facebook;fbcdn;twitter;instagram;snapchat efnet;undernet;freenode;ircnet;.rizon;quakenet;oftc.net;dalnet .slack.com;discord.;telegram.;rocketchat.;mattermost.;flock.com apache.exe java.exe w3wp.exe \php-cgi.exe;\php.exe setup tomcat unins unknown process explorer.exe inetinfo.exe netcat.exe;nc.exe;nc64.exe;ncat.exe procdump psexe vnc;vncs;vncv rcpping;tcpping;tcping;routerscan;grabff;Port-Scan;netscan;\nmap;ipscan;nacmdline.exe;advanced_port_scanner.exe;rcpping.exe;nmap.exe;zenmap.exe;advanced_ip_scanner.exe 0 5985 5986 1293 1701 1194 3540 3389 22 1080 3128 8080 1723 23 4500 9001 9030 5900 5800 0 80 443 636 5900 443 \iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;\opera.exe 80 true \iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;C:\Program Files\Cavelo\Cavelo Agent\cavelo_windows_amd64.exe;C:\PROGRA~2\BEANYW~1\GETSUP~1\TCIntegratorCommHelper.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe;C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe https true \iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe http true \iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;\opera.exe 443 true afraid.org;duckdns.org;changeip.com;ddns.net;hopto.org;zapto.org;servehttp.com;sytes.net;whoer.net;bravica.net;ip.webmasterhome.cn;whatsmyip.us;myip.kz;ip-addr.es;curlmyip;anysrc.net;anysrc.net;dlinkddns.com;no-ip.com;no-ip.org;no-ip.biz;no-ip.info;noip.com udp System;svchost.exe;oracle.exe;apache.exe;java.exe;php-cgi.exe;w3wp.exe;httpd;ServerManager.exe;unknown process;sql;wscript;cscript;schtasks;at.exe;reg.exe;C:\Windows\System32\find.exe 127.0.0.1;0:0:0:0:0:0:0:1 127.0.0.1;0:0:0:0:0:0:0:1 C:\Windows\System32\lsass.exe 88 epmap llmnr microsoft-ds netbios-dgm ntp ssdp epmap llmnr microsoft-ds netbios-dgm ntp ssdp 53 67 68 1434 1812 3544 3702 5228 5353 5357 5989 6007 49154 49209 52176 59241 53 67 68 1812 3702 6007 49154 49209 50646 52176 59241 .bing.com .cloudapp.net .lync.com .microsoft.com .outlook.com .search.msn.com .wns.windows.com aps.windows.com arc.msn.com.nsatc.net arc.msn.com atson.telemetry.microsoft.com au.download.windowsupdate.com b.akamaiedge.net bingforbusiness.com client-office365-tas.msedge.net config.edge.skype.com csp.digicert.com ctldl.windowsupdate.com cy2.licensing.md.mp.microsoft.com.akadns.net cy2.settings.data.microsoft.com.akadns.net displaycatalog.mp.microsoft.com download.windowsupdate.com e-msedge.net e3.delivery.dsp.mp.microsoft.com.nsatc.net emdl.ws.microsoft.com ettings-win.data.microsoft.com fe2.update.microsoft.com fe3.delivery.dsp.mp.microsoft.com.nsatc.net fe3.delivery.mp.microsoft.com g.akamaiedge.net g.live.com g.msn.com.nsatc.net geo-prod.do.dsp.mp.microsoft.com geo-prod.dodsp.mp.microsoft.com.nsatc.net ile-service.weather.microsoft.com ip5.afdorigin-prod-am02.afdogw.com ipv4.login.msa.akadns6.net licensing.mp.microsoft.com m3p.wns.notify.windows.com.akadns.net microsoft.com.akadns.net microsoft.com.nsatc.net microsoft.com modern.watson.data.microsoft.com.akadns.net msedge.net msn.com.nsatc.net msn.com ocation-inference-westus.cloudapp.net ocos-office365-s2s.msedge.net ocsp.digicert.com odern.watson.data.microsoft.com.akadns.net oneclient.sfx.ms pv4.login.msa.akadns6.net query.prod.cms.rt.microsoft.com ris.api.iris.microsoft.com.akadns.net ris.api.iris.microsoft.com s-msedge.net settings.data.microsoft.com sfe.trafficshaping.dsp.mp.microsoft.com sls.update.microsoft.com storecatalogrevocation.storequality.microsoft.com storeedgefd.dsx.mp.microsoft.com telecommand.telemetry.microsoft.com.akadns.net tile-service.weather.microsoft.com tlu.dl.delivery.mp.microsoft.com tsfe.trafficshaping.dsp.mp.microsoft.com vip5.afdorigin-prod-am02.afdogw.com vip5.afdorigin-prod-ch02.afdogw.com virtualearth.net windows.net windowsupdate.com y2.displaycatalog.md.mp.microsoft.com.akadns.net y2.licensing.md.mp.microsoft.com.akadns.net y2.settings.data.microsoft.com.akadns.net EdgeTransport.exe MSExchangeDelivery.exe MSExchangeFrontendTransport.exe MSExchangeHMWorker.exe MSExchangeSubmission.exe \ C:\Program Files (x86)\Kaspersky Lab C:\Program Files\Kaspersky Lab C:\Program Files (x86)\ESET C:\Program Files\ESET C:\Program Files\SentinelOne C:\Windows\ \System32\;Syswow64;sysmon.exe;sysmon64.exe C:\Windows\system32\ config\systemprofile\ C:\Windows\sysmon.exe;C:\Windows\sysmon64.exe A:\;B:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;M:\;N:\;O:\;P:\;Q:\;R:\;S:\;T:\;U:\;V:\;W:\;X:\;Y:\;Z:\;AA:\;BB:\;CC:\;DD:\;EE:\;FF:\;GG:\;HH:\;II:\;JJ:\;KK:\;LL:\;MM:\;NN:\;OO:\;PP:\;QQ:\;RR:\;SS:\;TT:\;UU:\;VV:\;WW:\;XX:\;YY;ZZ:\ :\PROGRA~ :\Program Files :\Program Files :\Program Files :\ProgramData\ :\Users\ :\Windows\ :\inetpub\ :\$SysReset :\$WinREAgent :\inetpub\ \ C:\Users\ C:\ProgramData\ C:\ProgramData\sysmon\sysmon64.exe;C:\ProgramData\sysmon\sysmon.exe;C:\ProgramData\Cavelo\jre\bin\java.exe C:\Program Files;C:\PROGRA~ C:\Program Files\SentinelOne\ C:\Program Files (x86)\N-Able Technologies\AutomationManagerEngine\2.70.0.4\AutomationManager.ScriptRunner64.exe;C:\PROGRA~2\BEANYW~1\GETSUP~1\TCIntegratorCommHelper.exe;C:\Program Files\Cavelo\Cavelo Agent\osqueryi.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\NASafeExec.exe C:\inetpub\ $RECYCLE.BIN packetbeat.exe;metricbeat.exe;filebeat.exe;winlogbeat.exe;o365beat.exe;graylog-sidecar.exe;graylog-collector-sidecar.exe;splunkd.exe;splunk.exe;syslogng.exe;syslog-ng.exe;nxlog-processor.exe;snarecore.exe;fluentd;td-agent;lpagent.exe C:\Windows\system32\config\systemprofile\ C:\Windows\sysWOW64\config\systemprofile\ \Temp\ C:\Users\ Microsoft\Teams\current\Teams.exe \git.exe Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\ProgramData\Lenovo\ImController\ 56ceb6d0011d87b6e4d7023d7ef85676;4f2eb62fa529c0283b28d05ddd311fae;b91ce2fa41029f6955bff20079468448;b91ce2fa41029f6955bff20079468448;846e27a652a5e1bfbd0ddd38a16dc865;2c4a910a1299cdae2a4e55988a2f102e 0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5;c948ae14761095e4d76b55d9de86412258be7afd;c996d7971c49252c582171d9380360f2;ddbf5ecca5c8086afde1fb4f551e9e6400e94f4428fe7fb5559da5cffa654cc1;10b30bdee43b3a2ec4aa63375577ade650269d25;d2fd132ab7bbc6bbb87a84f026fa0244 DumpExt.dll mimidrv lsremora wceaux.dll npcap \Temp :\Users ChongKim Chan ? Revoked Unavailable Valid false SHA1=2261198385d62d2117f50f631652eded0ecc71db SHA1=8db869c0674221a2d3280143cbb0807fac08e0cc SHA1=27d3ebea7655a72e6e8b95053753a25db944ec0f SHA1=33cdab3bbc8b3adce4067a1b042778607dce2acd SHA1=21e6c104fe9731c874fab5c9560c929b2857b918 SHA1=d979353d04bf65cc92ad3412605bc81edbb75ec2 SHA1=2f991435a6f58e25c103a657d24ed892b99690b8 SHA1=f02af84393e9627ba808d4159841854a6601cf80 SHA1=bb962c9a8dda93e94fef504c4159de881e4706fe SHA1=b97a8d506be2e7eaa4385f70c009b22adbd071ba SHA1=92f251358b3fe86fd5e7aa9b17330afa0d64a705 SHA1=8b6aa5b2bff44766ef7afbe095966a71bc4183fa SHA1=af6e1f2cfb230907476e8b2d676129b6d6657124 SHA1=fcde5275ee1913509927ce5f0f85e6681064c9d2 SHA1=00a442a4305c62cefa8105c0b4c4a9a5f4d1e93b SHA1=6523b3fd87de39eb5db1332e4523ce99556077dc SHA1=72966ca845759d239d09da0de7eebe3abe86fee3 SHA1=57511ef5ff8162a9d793071b5bf7ebe8371759de SHA1=2d503a2457a787014a1fdd48a2ece2e6cbe98ea7 SHA1=400f833dcc2ef0a122dd0e0b1ec4ec929340d90e SHA1=89cd760e8cb19d29ee08c430fb17a5fd4455c741 SHA1=1d0df45ee3fa758f0470e055915004e6eae54c95 SHA1=d5fd9fe10405c4f90235e583526164cd0902ed86 SHA1=c52cef5b9e1d4a78431b7af56a6fdb6aa1bcad65 SHA1=609fa1efcf61e26d64a5ceb13b044175ab2b3a13 SHA1=7d7c03e22049a725ace2a9812c72b53a66c2548b SHA1=f9519d033d75e1ab6b82b2e156eafe9607edbcfb SHA1=468e2e5505a3d924b14fedee4ddf240d09393776 SHA1=2e3de9bff43d7712707ef8a0b10f7e4ad8427fd8 SHA1=c9cbfdd0be7b35751a017ec59ff7237ffdc4df1f SHA1=078ae07dec258db4376d5a2a05b9b508d68c0123 SHA1=623cd2abef6c92255f79cbbd3309cb59176771da SHA1=1f3a9265963b660392c4053329eb9436deeed339 SHA1=4a235f0b84ff615e2879fa9e0ec0d745fcfdaa5c SHA1=ace6b9e34e3e2e73fe584f3bbdb4e4ec106e0a7d SHA1=4268f30b79ce125a81d0d588bef0d4e2ad409bbb SHA1=c834c4931b074665d56ccab437dfcc326649d612 SHA1=8f5cd4a56e6e15935491aa40adb1ecad61eafe7c SHA1=51b60eaa228458dee605430aae1bc26f3fc62325 SHA1=3270720a066492b046d7180ca6e60602c764cac7 SHA1=2a6e6bd51c7062ad24c02a4d2c1b5e948908d131 SHA1=19bd488fe54b011f387e8c5d202a70019a204adf SHA1=a6fe4f30ca7cb94d74bc6d42cdd09a136056952e SHA1=ea877092d57373cb466b44e7dbcad4ce9a547344 SHA1=205c69f078a563f54f4c0da2d02a25e284370251 SHA1=f9feb60b23ca69072ce42264cd821fe588a186a6 SHA1=b25170e09c9fb7c0599bfba3cf617187f6a733ac SHA1=160c96b5e5db8c96b821895582b501e3c2d5d6e7 SHA1=a2e0b3162cfa336cd4ab40a2acc95abe7dc53843 SHA1=4e826430a1389032f3fe06e2cc292f643fb0c417 SHA1=7ab4565ba24268f0adadb03a5506d4eb1dc7c181 SHA1=dc7b022f8bd149efbcb2204a48dce75c72633526 SHA1=0307d76750dd98d707c699aee3b626643afb6936 SHA1=5711c88e9e64e45b8fc4b90ab6f2dd6437dc5a8a SHA1=6714380bc0b8ab09b9a0d2fa66d1b025b646b946 SHA1=8626ab1da6bfbdf61bd327eb944b39fd9df33d1d SHA1=30a224b22592d952fbe2e6ad97eda4a8f2c734e0 SHA1=c95db1e82619fb16f8eec9a8209b7b0e853a4ebe SHA1=fe1d909ab38de1389a2a48352fd1c8415fd2eab0 SHA1=b4d1554ec19504215d27de0758e13c35ddd6db3e SHA1=5dd2c31c4357a8b76db095364952b3d0e3935e1d SHA1=ecb4d096a9c58643b02f328d2c7742a38e017cf0 SHA1=4a705af959af61bad48ef7579f839cb5ebd654d2 SHA1=d2e6fc9259420f0c9b6b1769be3b1f63eb36dc57 SHA1=c948ae14761095e4d76b55d9de86412258be7afd SHA1=ddbe809b731a0962e404a045ab9e65a0b64917ad SHA1=745bad097052134548fe159f158c04be5616afc2 SHA1=8d59fd14a445c8f3f0f7991fa6cd717d466b3754 SHA1=2dfcb799b3c42ecb0472e27c19b24ac7532775ce SHA1=cc51be79ae56bc97211f6b73cc905c3492da8f9d SHA1=ac13941f436139b909d105ad55637e1308f49d9a SHA1=2b0bb408ff0e66bcdf6574f1ca52cbf4015b257b SHA1=cc0e0440adc058615e31e8a52372abadf658e6b1 SHA1=5520ac25d81550a255dc16a0bb89d4b275f6f809 SHA1=6afc6b04cf73dd461e4a4956365f25c1f1162387 SHA1=4b009e91bae8d27b160dc195f10c095f8a2441e1 SHA1=6003184788cd3d2fc624ca801df291ccc4e225ee SHA1=0466e90bf0e83b776ca8716e01d35a8a2e5f96d3 SHA1=e6305dddd06490d7f87e3b06d09e9d4c1c643af0 SHA1=89909fa481ff67d7449ee90d24c167b17b0612f1 SHA1=d7e8aef8c8feb87ce722c0b9abf34a7e6bab6eb4 SHA1=5e6ddd2b39a3de0016385cbd7aa50e49451e376d SHA1=976777d39d73034df6b113dfce1aa6e1d00ffcfd SHA1=9c6749fc6c1127f8788bff70e0ce9062959637c9 SHA1=53acd4d9e7ba0b1056cf52af0d191f226eddf312 SHA1=3abb9d0a9d600200ae19c706e570465ef0a15643 SHA1=27eab595ec403580236e04101172247c4f5d5426 SHA1=78b9481607ca6f3a80b4515c432ddfe6550b18a8 SHA1=414cd15d6c991d19fb5be02e3b9fb0e6c5ce731c SHA1=d9c09dd725bc7bc3c19b4db37866015817a516ef SHA1=9c256edd10823ca76c0443a330e523027b70522d SHA1=35829e096a15e559fcbabf3441d99e580ca3b26e SHA1=b8de3a1aeeda9deea43e3f768071125851c85bd0 SHA1=054a50293c7b4eea064c91ef59cf120d8100f237 SHA1=d94f2fb3198e14bfe69b44fb9f00f2551f7248b2 SHA1=01a578a3a39697c4de8e3dab04dba55a4c35163e SHA1=14bf0eaa90e012169745b3e30c281a327751e316 SHA1=f50c6b84dfb8f2d53ba3bce000a55f0a486c0e79 SHA1=6100eb82a25d64a7a7702e94c2b21333bc15bd08 SHA1=bf87e32a651bdfd9b9244a8cf24fca0e459eb614 SHA1=28b1c0b91eb6afd2d26b239c9f93beb053867a1a SHA1=879fcc6795cebe67718388228e715c470de87dca SHA1=1f7501e01d84a2297c85cb39880ec4e40ac3fe8a SHA1=152b6bb9ffd2ffec00cc46f5c6e29362d0e66e67 SHA1=5f8356ffa8201f338dd2ea979eb47881a6db9f03 SHA1=a7bd05de737f8ea57857f1e0845a25677df01872 SHA1=cce9b82f01ec68f450f5fe4312f40d929c6a506e SHA1=e35a2b009d54e1a0b231d8a276251f64231b66a3 SHA1=37364cb5f5cefd68e5eca56f95c0ab4aff43afcc SHA1=d62fa51e520022483bdc5847141658de689c0c29 SHA1=93aa3bb934b74160446df3a47fa085fd7f3a6be9 SHA1=ec4cc6de4c779bb1ca1dd32ee3a03f7e8d633a9b SHA1=35f1ba60ba0da8512a0b1b15ee8e30fe240d77cd SHA1=3805e4e08ad342d224973ecdade8b00c40ed31be SHA1=65d8a7c2e867b22d1c14592b020c548dd0665646 SHA1=c8d87f3cd34c572870e63a696cf771580e6ea81b SHA1=c4d7fb9db3c3459f7e8c0e3d48c95c7c9c4cff60 SHA1=d34a7c497c603f3f7fcad546dc4097c2da17c430 SHA1=1fd7f881ea4a1dbb5c9aeb9e7ad659a85421745b SHA1=0b8b83f245d94107cb802a285e6529161d9a834d SHA1=c969f1f73922fd95db1992a5b552fbc488366a40 SHA1=ac600a2bc06b312d92e649b7b55e3e91e9d63451 SHA1=da9cea92f996f938f699902482ac5313d5e8b28e SHA1=33285b2e97a0aeb317166cce91f6733cf9c1ad53 SHA1=21edff2937eb5cd6f6b0acb7ee5247681f624260 SHA1=f052dc35b74a1a6246842fbb35eb481577537826 SHA1=f0c463d29a5914b01e4607889094f1b7d95e7aaf SHA1=0c26ab1299adcd9a385b541ef1653728270aa23e SHA1=f36a47edfacd85e0c6d4d22133dd386aee4eec15 SHA1=460008b1ffd31792a6deadfa6280fb2a30c8a5d2 SHA1=738b7918d85e5cb4395df9e3f6fc94ddad90e939 SHA1=43419df1f9a07430a18c5f3b3cc74de621be0f8e SHA1=558aad879b6a47d94a968f39d0a4e3a3aaef1ef1 SHA1=7fb52290883a6b69a96d480f2867643396727e83 SHA1=f5696fb352a3fbd14fb1a89ad21a71776027f9ab SHA1=693a2645c28fc3b248fda95179c36c3ac64f6fc2 SHA1=05c0c49e8bcf11b883d41441ce87a2ee7a3aba1d SHA1=d25340ae8e92a6d29f599fef426a2bc1b5217299 SHA1=7c1b25518dee1e30b5a6eaa1ea8e4a3780c24d0c SHA1=fe10018af723986db50701c8532df5ed98b17c39 SHA1=bfe55cacc7c56c9f7bd75bdb4b352c0b745d071b SHA1=a21c84c6bf2e21d69fa06daaf19b4cc34b589347 SHA1=82ba5513c33e056c3f54152c8555abf555f3e745 SHA1=d098600152e5ee6a8238d414d2a77a34da8afaaa SHA1=64e4ac8b9ea2f050933b7ec76a55dd04e97773b4 SHA1=bbc1e5fd826961d93b76abd161314cb3592c4436 SHA1=90a76945fd2fa45fab2b7bcfdaf6563595f94891 SHA1=b03b1996a40bfea72e4584b82f6b845c503a9748 SHA1=c771ea59f075170e952c393cfd6fc784b265027c SHA1=cb44c6f0ee51cb4c5836499bc61dd6c1fbdf8aa1 SHA1=0918277fcdc64a9dc51c04324377b3468fa1269b SHA1=b09bcc042d60d2f4c0d08284818ed198cededa04 SHA1=8dc2097a90eb7e9d6ee31a7c7a95e7a0b2093b89 SHA1=15df139494d2c40a645fb010908551185c27f3c5 SHA1=012db3a80faf1f7f727b538cbe5d94064e7159de SHA1=d04e5db5b6c848a29732bfd52029001f23c3da75 SHA1=490109fa6739f114651f4199196c5121d1c6bdf2 SHA1=b4d014b5edd6e19ce0e8395a64faedf49688ecb5 SHA1=a87d6eac2d70a3fbc04e59412326b28001c179de SHA1=3f223581409492172a1e875f130f3485b90fbe5f SHA1=5db61d00a001fd493591dc919f69b14713889fc5 SHA1=9923c8f1e565a05b3c738d283cf5c0ed61a0b90f SHA1=15d1a6a904c8409fb47a82aefa42f8c3c7d8c370 SHA1=9d07df024ec457168bf0be7e0009619f6ac4f13c SHA1=9a35ae9a1f95ce4be64adc604c80079173e4a676 SHA1=c6bd965300f07012d1b651a9b8776028c45b149a SHA1=e83458c4a6383223759cd8024e60c17be4e7c85f SHA1=cb3de54667548a5c9abf5d8fa47db4097fcee9f1 SHA1=9c24dd75e4074041dbe03bf21f050c77d748b8e9 SHA1=dc55217b6043d819eadebd423ff07704ee103231 SHA1=e92817a8744ebc4e4fa5383cdce2b2977f01ecd4 SHA1=dc0e97adb756c0f30b41840a59b85218cbdd198f SHA1=26c4a7b392d7e7bd7f0a2a758534e45c0d9a56ab SHA1=d0d39e1061f30946141b6ecfa0957f8cc3ddeb63 SHA1=c6d349823bbb1f5b44bae91357895dba653c5861 SHA1=f42f28d164205d9f6dab9317c9fecad54c38d5d2 SHA1=bbc0b9fd67c8f4cefa3d76fcb29ff3cef996b825 SHA1=8183a341ba6c3ce1948bf9be49ab5320e0ee324d SHA1=eb1ecad3d37bb980f908bf1a912415cff32e79e6 SHA1=eb0d45aa6f537f5b2f90f3ad99013606eafcd162 SHA1=6053d258096bccb07cb0057d700fe05233ab1fbb SHA1=29a190727140f40cea9514a6420f5a195e36386b SHA1=a4b2c56c12799855162ca3b004b4b2078c6ecf77 SHA1=7667b72471689151e176baeba4e1cd9cd006a09a SHA1=d7f7594ff084201c0d9fa2f4ef1626635b67bce5 SHA1=99201c9555e5faf6e8d82da793b148311f8aa4b8 SHA1=947db58d6f36a8df9fa2a1057f3a7f653ccbc42e SHA1=6a3d3b9ab3d201cd6b0316a7f9c3fb4d34d0f403 SHA1=d702d88b12233be9413446c445f22fda4a92a1d9 SHA1=910cb12aa49e9f35ecc4907e8304adf0dcca8cf1 SHA1=643383938d5e0d4fd30d302af3e9293a4798e392 SHA1=c4ed28fdfba7b8a8dfe39e591006f25d39990f07 SHA1=b0032b8d8e6f4bd19a31619ce38d8e010f29a816 SHA1=db6245578ec57bd767b27ecf8085095e1c8e5a6e SHA1=166759fd511613414d3213942fe2575b926a6226 SHA1=02a8b74899591da7b7f49c0450328d39b939d7e4 SHA1=98ceed786f79288becc08c3b82c57e8d4bfa1bca SHA1=f6b3577ea4b1a5641ae3421151a26268434c3db8 SHA1=4de33d03fee52f396a1c788000ca868d56ac30de SHA1=c6920171fa6dff2c17eb83befb5fd28e8dddf5f0 SHA1=fbc6d2448739ddec35bb5d6c94b46df4148f648d SHA1=6b54f8f137778c1391285fee6150dfa58a8120b1 SHA1=943593e880b4d340f2548548e6e673ef6f61eed3 SHA1=5ac4d0e2381fc4a8aebe94a0fb6fe5e7558e4dcd SHA1=e44297a2b750ec1958bef265e2f1ae6fa4323b28 SHA1=aa2ea973bb248b18973e57339307cfb8d309f687 SHA1=3a5d176c50f97b71d139767ed795d178623f491d SHA1=25d812a5ece19ea375178ef9d60415841087726e SHA1=3795e32592ab6d8074b6f7ad33759c6a39b0df07 SHA1=fc121ed6fb37e97a004b6faf217435b772dfc4c0 SHA1=ab2b8602e4baef828b58b995d0889a8e5b8dbd02 SHA1=cf040040628b58f4a811f98c2690913c1e8e4e3c SHA1=3296844d22c87dd5eba3aa378a8242b41d59db7a SHA1=bc47e15537fa7c32dfefd23168d7e1741f8477ed SHA1=cb22723faa5ae2809476e5c5e9b9a597b26cab9b SHA1=f3c5e723ae009b336cd2719137b8cd194c9ee51d SHA1=41f2d0f9863bce8920c207b1ef5d3d32b603edef SHA1=eb93d2f564fea9b3dc350f386b45de2cd9a3e001 SHA1=3cd037fbba8aae82c1b111c9f8755349c98bcb3c SHA1=9401389fba314d1810f83edce33c37e84a78e112 SHA1=7eb34cc1fcffb4fdb5cb7e97184dd64a65cb9371 SHA1=16d7ecf09fc98798a6170e4cef2745e0bee3f5c7 SHA1=fcd615df88645d1f57ff5702bd6758b77efea6d0 SHA1=f3db629cfe37a73144d5258e64d9dd8b38084cf4 SHA1=a00e444120449e35641d58e62ed64bb9c9f518d2 SHA1=38571f14fc014487194d1eecfa80561ee8644e09 SHA1=4d41248078181c7f61e6e4906aa96bbdea320dc2 SHA1=3599ea2ac1fa78f423423a4cf90106ea0938dde8 SHA1=3d6d53b0f1cc908b898610227b9f1b9352137aba SHA1=4c18754dca481f107f0923fb8ef5e149d128525d SHA1=8c377ab4eebc5f4d8dd7bb3f90c0187dfdd3349f SHA1=cde32654a041fedc7b0fa1083f6005b950760062 SHA1=5fb9421be8a8b08ec395d05e00fd45eb753b593a SHA1=b480c54391a2a2f917a44f91a5e9e4590648b332 SHA1=4f7a8e26a97980544be634b26899afbefb0a833c SHA256=05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748 SHA256=4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA SHA256=6948480954137987A0BE626C24CF594390960242CD75F094CD6AAA5C2E7A54FA SHA256=8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F SHA256=B1D96233235A62DBB21B8DBE2D1AE333199669F67664B107BFF1AD49B41D9414 SHA256=7196187FB1EF8D108B380D37B2AF8EFDEB3CA1F6EEFD37B5DC114C609147216D SHA256=7F375639A0DF7FE51E5518CF87C3F513C55BC117DB47D28DA8C615642EB18BFA SHA256=42579A759F3F95F20A2C51D5AC2047A2662A2675B3FB9F46C1ED7F23393A0F00 SHA256=2DA330A2088409EFC351118445A824F11EDBE51CF3D653B298053785097FE40E SHA256=436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 SHA256=B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602 SHA256=DDE6F28B3F7F2ABBEE59D4864435108791631E9CB4CDFB1F178E5AA9859956D8 SHA256=B48A309EE0960DA3CAAAAF1E794E8C409993AEB3A2B64809F36B97AAC8A1E62A SHA256=025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 SHA256=2AA1B08F47FBB1E2BD2E4A492F5D616968E703E1359A921F62B38B8E4662F0C4 SHA256=ECE0A900EA089E730741499614C0917432246CEB5E11599EE3A1BB679E24FD2C SHA256=F40435488389B4FB3B945CA21A8325A51E1B5F80F045AB019748D0EC66056A8B SHA256=2A652DE6B680D5AD92376AD323021850DAB2C653ABF06EDF26120F7714B8E08A SHA256=950A4C0C772021CEE26011A92194F0E58D61588F77F2873AA0599DFF52A160C9 SHA256=0AAFA9F47ACF69D46C9542985994FF5321F00842A28DF2396D4A3076776A83CB SHA256=47F08F7D30D824A8F4BB8A98916401A37C0FD8502DB308ABA91FE3112B892DCC SHA256=B9A4E40A5D80FEDD1037EAED958F9F9EFED41EB01ADA73D51B5DCD86E27E0CBF SHA256=5C04C274A708C9A7D993E33BE3EA9E6119DC29527A767410DBAF93996F87369A SHA256=0040153302B88BEE27EB4F1ECA6855039E1A057370F5E8C615724FA5215BADA3 SHA256=3326E2D32BBABD69FEB6024809AFC56C7E39241EBE70A53728C77E80995422A5 SHA256=36B9E31240AB0341873C7092B63E2E0F2CAB2962EBF9B25271C3A1216B7669EB SHA256=29E0062A017A93B2F2F5207A608A96DF4D554C5DE976BD0276C2590A03BD3E94 SHA256=45ABDBCD4C0916B7D9FAAF1CD08543A3A5178871074628E0126A6EDA890D26E0 SHA256=50DB5480D0392A7DD6AB5DF98389DC24D1ED1E9C98C9C35964B19DABCD6DC67F SHA256=607DC4C75AC7AEF82AE0616A453866B3B358C6CF5C8F9D29E4D37F844306B97C SHA256=61D6E40601FA368800980801A662A5B3B36E3C23296E8AE1C85726A56EF18CC8 SHA256=74A846C61ADC53692D3040AFF4C1916F32987AD72B07FE226E9E7DBEFF1036C4 SHA256=76FB4DEAEE57EF30E56C382C92ABFFE2CF616D08DBECB3368C8EE6B02E59F303 SHA256=81939E5C12BD627FF268E9887D6FB57E95E6049F28921F3437898757E7F21469 SHA256=9790A7B9D624B2B18768BB655DDA4A05A9929633CEF0B1521E79E40D7DE0A05B SHA256=9A1D66036B0868BBB1B2823209FEDEA61A301D5DD245F8E7D390BD31E52D663E SHA256=AA9AB1195DC866270E984F1BED5E1358D6EF24C515DFDB6C2A92D1E1B94BF608 SHA256=AF095DE15A16255CA1B2C27DAD365DFF9AC32D2A75E8E288F5A1307680781685 SHA256=D5586DC1E61796A9AE5E5D1CED397874753056C3DF2EB963A8916287E1929A71 SHA256=D8459F7D707C635E2C04D6D6D47B63F73BA3F6629702C7A6E0DF0462F6478AE2 SHA256=E81230217988F3E7EC6F89A06D231EC66039BDBA340FD8EBB2BBB586506E3293 SHA256=F88EBB633406A086D9CCA6BC8B66A4EA940C5476529F9033A9E0463512A23A57 SHA256=1C8DFA14888BB58848B4792FB1D8A921976A9463BE8334CFF45CC96F1276049A SHA256=22418016E980E0A4A2D01CA210A17059916A4208352C1018B0079CCB19AAF86A SHA256=405472A8F9400A54BB29D03B436CCD58CFD6442FE686F6D2ED4F63F002854659 SHA256=49F75746EEBE14E5DB11706B3E58ACCC62D4034D2F1C05C681ECEF5D1AD933BA SHA256=4A3D4DB86F580B1680D6454BAEE1C1A139E2DDE7D55E972BA7C92EC3F555DCE2 SHA256=4AB41816ABBF14D59E75B7FAD49E2CB1C1FEB27A3CB27402297A2A4793FF9DA7 SHA256=54841D9F89E195196E65AA881834804FE3678F1CF6B328CAB8703EDD15E3EC57 SHA256=5EE292B605CD3751A24E5949AAE615D472A3C72688632C3040DC311055B75A92 SHA256=76B86543CE05540048F954FED37BDDA66360C4A3DDB8328213D5AEF7A960C184 SHA256=7F190F6E5AB0EDAFD63391506C2360230AF4C2D56C45FC8996A168A1FC12D457 SHA256=845F1E228DE249FC1DDF8DC28C39D03E8AD328A6277B6502D3932E83B879A65A SHA256=84BF1D0BCDF175CFE8AEA2973E0373015793D43907410AE97E2071B2C4B8E2D4 SHA256=8EF0AD86500094E8FA3D9E7D53163AA6FEEF67C09575C169873C494ED66F057F SHA256=A56C2A2425EB3A4260CC7FC5C8D7BED7A3B4CD2AF256185F24471C668853AEE8 SHA256=AC3F613D457FC4D44FA27B2E0B1BAA62C09415705EFB5A40A4756DA39B3AC165 SHA256=B1334A71CC73B3D0C54F62D8011BEC330DFC355A239BF94A121F6E4C86A30A2E SHA256=B47BE212352D407D0EF7458A7161C66B47C2AEC8391DD101DF11E65728337A6A SHA256=B9B3878DDC5DFB237D38F8D25067267870AFD67D12A330397A8853209C4D889C SHA256=DB90E554AD249C2BD888282ECF7D8DA4D1538DD364129A3327B54F8242DD5653 SHA256=E61A54F6D3869B43C4ECEAC3016DF73DF67CCE03878C5A6167166601C5D3F028 SHA256=3871E16758A1778907667F78589359734F7F62F9DC953EC558946DCDBE6951E3 SHA256=DED2927F9A4E64EEFD09D0CABA78E94F309E3A6292841AE81D5528CAB109F95D SHA256=0296E2CE999E67C76352613A718E11516FE1B0EFC3FFDB8918FC999DD76A73A5 SHA256=80CBBA9F404DF3E642F22C476664D63D7C229D45D34F5CD0E19C65EB41BECEC3 SHA256=BB50818A07B0EB1BD317467139B7EB4BAD6CD89053FECDABFEAE111689825955 SHA256=FF6729518A380BF57F1BC6F1EC0AA7F3012E1618B8D9B0F31A61D299EE2B4339 SHA256=3A5EC83FE670E5E23AEF3AFA0A7241053F5B6BE5E6CA01766D6B5F9177183C25 SHA256=61A1BDDDD3C512E681818DEBB5BEE94DB701768FC25E674FCAD46592A3259BD0 SHA256=07B6D69BAFCFD767F1B63A490A8843C3BB1F8E1BBEA56176109B5743C8F7D357 SHA256=21CCDD306B5183C00ECFD0475B3152E7D94B921E858E59B68A03E925D1715F21 SHA256=2D83CCB1AD9839C9F5B3F10B1F856177DF1594C66CBBC7661677D4B462EBF44D SHA256=F581DECC2888EF27EE1EA85EA23BBB5FB2FE6A554266FF5A1476ACD1D29D53AF SHA256=F8965FDCE668692C3785AFA3559159F9A18287BC0D53ABB21902895A8ECF221B SHA256=3D23BDBAF9905259D858DF5BF991EB23D2DC9F4ECDA7F9F77839691ACEF1B8C4 SHA256=DD4A1253D47DE14EF83F1BC8B40816A86CCF90D1E624C5ADF9203AE9D51D4097 SHA256=509628B6D16D2428031311D7BD2ADD8D5F5160E9ECC0CD909F1E82BBBB3234D6 SHA256=525D9B51A80CA0CD4C5889A96F857E73F3A80DA1FFBAE59851E0F51BDFB0B6CD SHA256=6DE84CAA2CA18673E01B91AF58220C60AECD5CCCF269725EC3C7F226B2167492 SHA256=09BEDBF7A41E0F8DABE4F41D331DB58373CE15B2E9204540873A1884F38BDDE1 SHA256=101402D4F5D1AE413DED499C78A5FCBBC7E3BAE9B000D64C1DD64E3C48C37558 SHA256=131D5490CEB9A5B2324D8E927FEA5BECFC633015661DE2F4C2F2375A3A3B64C6 SHA256=1DDFE4756F5DB9FB319D6C6DA9C41C588A729D9E7817190B027B38E9C076D219 SHA256=1E8B0C1966E566A523D652E00F7727D8B0663F1DFDCE3B9A09B9ADFAEF48D8EE SHA256=2BBE65CBEC3BB069E92233924F7EE1F95FFA16173FCEB932C34F68D862781250 SHA256=30706F110725199E338E9CC1C940D9A644D19A14F0EB8847712CBA4CACDA67AB SHA256=3124B0411B8077605DB2A9B7909D8240E0D554496600E2706E531C93C931E1B5 SHA256=38FA0C663C8689048726666F1C5E019FEAA9DA8278F1DF6FF62DA33961891D2A SHA256=39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E SHA256=3D9E83B189FCF5C3541C62D1F54A0DA0A4E5B62C3243D2989AFC46644056C8E3 SHA256=3F2FDA9A7A9C57B7138687BBCE49A2E156D6095DDDABB3454EA09737E02C3FA5 SHA256=47F0CDAA2359A63AD1389EF4A635F1F6EEE1F63BDF6EF177F114BDCDADC2E005 SHA256=50D5EAA168C077CE5B7F15B3F2C43BD2B86B07B1E926C1B332F8CB13BD2E0793 SHA256=56A3C9AC137D862A85B4004F043D46542A1B61C6ACB438098A9640469E2D80E7 SHA256=591BD5E92DFA0117B3DAA29750E73E2DB25BAA717C31217539D30FFB1F7F3A52 SHA256=5D530E111400785D183057113D70623E17AF32931668AB7C7FC826F0FD4F91A3 SHA256=6F1FF29E2E710F6D064DC74E8E011331D807C32CC2A622CBE507FD4B4D43F8F4 SHA256=79E2D37632C417138970B4FEBA91B7E10C2EA251C5EFE3D1FC6FA0190F176B57 SHA256=85866E8C25D82C1EC91D7A8076C7D073CCCF421CF57D9C83D80D63943A4EDD94 SHA256=89B0017BC30CC026E32B758C66A1AF88BD54C6A78E11EC2908FF854E00AC46BE SHA256=9254F012009D55F555418FF85F7D93B184AB7CB0E37AECDFDAB62CFE94DEA96B SHA256=984A77E5424C6D099051441005F2938AE92B31B5AD8F6521C6B001932862ADD7 SHA256=98B734DDA78C16EBCAA4AFEB31007926542B63B2F163B2F733FA0D00DBB344D8 SHA256=99F4994A0E5BD1BF6E3F637D3225C69FF4CD620557E23637533E7F18D7D6CBA1 SHA256=9C10E2EC4F9EF591415F9A784B93DC9C9CDAFA7C69602C0DC860C5B62222E449 SHA256=A961F5939088238D76757669A9A81905E33F247C9C635B908DAAC146AE063499 SHA256=A9706E320179993DADE519A83061477ACE195DAA1B788662825484813001F526 SHA256=B7A20B5F15E1871B392782C46EBCC897929443D82073EE4DCB3874B6A5976B5D SHA256=CC586254E9E89E88334ADEE44E332166119307E79C2F18F6C2AB90CE8BA7FC9B SHA256=CD4A249C3EF65AF285D0F8F30A8A96E83688486AAB515836318A2559757A89BB SHA256=CF4B5FA853CE809F1924DF3A3AE3C4E191878C4EA5248D8785DC7E51807A512B SHA256=D0BD1AE72AEB5F3EABF1531A635F990E5EAAE7FDD560342F915F723766C80889 SHA256=D8B58F6A89A7618558E37AFC360CD772B6731E3BA367F8D58734ECEE2244A530 SHA256=D92EAB70BCECE4432258C9C9A914483A2267F6AB5CE2630048D3A99E8CB1B482 SHA256=E005E8D183E853A27AD3BB56F25489F369C11B0D47E3D4095AAD9291B3343BF1 SHA256=E68D453D333854787F8470C8BAEF3E0D082F26DF5AA19C0493898BCF3401E39A SHA256=E83908EBA2501A00EF9E74E7D1C8B4FF1279F1CD6051707FD51824F87E4378FA SHA256=EF86C4E5EE1DBC4F81CD864E8CD2F4A2A85EE4475B9A9AB698A4AE1CC71FBEB0 SHA256=F088B2BA27DACD5C28F8EE428F1350DCA4BC7C6606309C287C801B2E1DA1A53D SHA256=FD8669794C67B396C12FC5F08E9C004FDF851A82FAF302846878173E4FBECB03 SHA256=91314768DA140999E682D2A290D48B78BB25A35525EA12C1B1F9634D14602B2C SHA256=F0605DDA1DEF240DC7E14EFA73927D6C6D89988C01EA8647B671667B2B167008 SHA256=6CB51AE871FBD5D07C5AAD6FF8EEA43D34063089528603CA9CEB8B4F52F68DDC SHA256=DB2A9247177E8CDD50FE9433D066B86FFD2A84301AA6B2EB60F361CFFF077004 SHA256=7EC93F34EB323823EB199FBF8D06219086D517D0E8F4B9E348D7AFD41EC9FD5D SHA256=7049F3C939EFE76A5556C2A2C04386DB51DAF61D56B679F4868BB0983C996EBB SHA256=7877C1B0E7429453B750218CA491C2825DAE684AD9616642EFF7B41715C70ACA SHA256=159E7C5A12157AF92E0D14A0D3EA116F91C09E21A9831486E6DC592C93C10980 SHA256=3243AAB18E273A9B9C4280A57AECEF278E10BFFF19ABB260D7A7820E41739099 SHA256=7CFA5E10DFF8A99A5D544B011F676BC383991274C693E21E3AF40CF6982ADB8C SHA256=C9B49B52B493B53CD49C12C3FA9553E57C5394555B64E32D1208F5B96A5B8C6E SHA256=3EC5AD51E6879464DFBCCB9F4ED76C6325056A42548D5994BA869DA9C4C039A8 SHA256=47EAEBC920CCF99E09FC9924FEB6B19B8A28589F52783327067C9B09754B5E84 SHA256=1aaf4c1e3cb6774857e2eef27c17e68dc1ae577112e4769665f516c2e8c4e27b SHA256=e6056443537d4d2314dabca1b9168f1eaaf17a14eb41f6f5741b6b82b3119790 SHA256=76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22 SHA256=6c7120e40fc850e4715058b233f5ad4527d1084a909114fd6a36b7b7573c4a44 SHA256=2e6b339597a89e875f175023ed952aaac64e9d20d457bbc07acf1586e7fe2df8 SHA256=71fe5af0f1564dc187eea8d59c0fbc897712afa07d18316d2080330ba17cf009 SHA256=39937d239220c1b779d7d55613de2c0a48bd6e12e0214da4c65992b96cf591df SHA256=7ed26a593524a2a92ffcfb075a42bb4fa4775ffbf83af98525244a4710886ead SHA256=aa717e9ab4d614497df19f602d289a6eddcdba8027c71bcc807780a219347d16 SHA256=ff5f6048a3d6f6738b60e911e3876fcbdc9a02ec9862f909345c8a50fd4cc0a7 SHA256=11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 SHA256=58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495 SHA256=01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd SHA256=22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c SHA256=31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427 SHA256=952199C28332BC90CFD74530A77EE237967ED32B3C71322559C59F7A42187DC4 SHA256=9529EFB1837B1005E5E8F477773752078E0A46500C748BC30C9B5084D04082E6 SHA256=A7B000ABBCC344444A9B00CFADE7AA22AB92CE0CADEC196C30EB1851AE4FA062 SHA256=4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b SHA256=01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece SHA256=9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374 SHA256=06bda5a1594f7121acd2efe38ccb617fbc078bb9a70b665a5f5efd70e3013f50 SHA256=cbb8239a765bf5b2c1b6a5c8832d2cab8fef5deacadfb65d8ed43ef56d291ab6 SHA256=d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e SHA256=a7c2e7910942dd5e43e2f4eb159bcd2b4e71366e34a68109548b9fb12ac0f7cc SHA256=2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d SHA256=f929bead59e9424ab90427b379dcdd63fbfe0c4fb5e1792e3a1685541cd5ec65 SHA256=59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347 SHA256=552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9 SHA256=86a8e0aa29a5b52c84921188cc1f0eca9a7904dcfe09544602933d8377720219 SHA256=1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8 SHA256=60c6f4f34c7319cb3f9ca682e59d92711a05a2688badbae4891b1303cd384813 SHA256=55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a SHA256=42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f SHA256=bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc SHA256=b179e1ab6dc0b1aee783adbcad4ad6bb75a8a64cb798f30c0dd2ee8aaf43e6de SHA256=314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073 SHA256=65db1b259e305a52042e07e111f4fa4af16542c8bacd33655f753ef642228890 SHA256=19a212e6fc324f4cb9ee5eba60f5c1fc0191799a4432265cbeaa3307c76a7fc0 SHA256=a7c8f4faf3cbb088cac7753d81f8ec4c38ccb97cd9da817741f49272e8d01200 SHA256=677c0b1add3990fad51f492553d3533115c50a242a919437ccb145943011d2bf SHA256=fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2 SHA256=ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173 SHA256=18e1707b319c279c7e0204074088cc39286007a1cf6cb6e269d5067d8d0628c6 SHA256=c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8 SHA256=afdd66562dea51001c3a9de300f91fc3eb965d6848dfce92ccb9b75853e02508 SHA256=a899b659b08fbae30b182443be8ffb6a6471c1d0497b52293061754886a937a3 SHA256=1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52 SHA256=7133a461aeb03b4d69d43f3d26cd1a9e3ee01694e97a0645a3d8aa1a44c39129 SHA256=32e1a8513eee746d17eb5402fb9d8ff9507fb6e1238e7ff06f7a5c50ff3df993 SHA256=082c39fe2e3217004206535e271ebd45c11eb072efde4cc9885b25ba5c39f91d SHA256=65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd SHA256=f8430bdc6fd01f42217d66d87a3ef6f66cb2700ebb39c4f25c8b851858cc4b35 SHA256=9f1229cd8dd9092c27a01f5d56e3c0d59c2bb9f0139abf042e56f343637fda33 SHA256=b03f26009de2e8eabfcf6152f49b02a55c5e5d0f73e01d48f5a745f93ce93a29 SHA256=3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838 SHA256=3c5bf92c26398695f9ced7ce647a7e9f6ddcc89eea66b45aa3607196a187431b SHA256=478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82 SHA256=4ed2d2c1b00e87b926fb58b4ea43d2db35e5912975f4400aa7bd9f8c239d08b7 SHA256=b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038 SHA256=ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89 SHA256=73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e SHA256=87e38e7aeaaaa96efe1a74f59fca8371de93544b7af22862eb0e574cec49c7c3 SHA256=2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6 SHA256=43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89 SHA256=e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf SHA256=1dadd707c55413a16320dc70d2ca7784b94c6658331a753b3424ae696c5d93ea SHA256=d84e3e250a86227c64a96f6d5ac2b447674ba93d399160850acb2339da43eae5 SHA256=5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a SHA256=0f726d8ce21c0c9e01ebe6b55913c519ad6086bcaec1a89f8308f3effacd435f SHA256=95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3 SHA256=0e14a4401011a9f4e444028ac5b1595da34bbbf9af04a00670f15ff839734003 SHA256=26c86227d3f387897c1efd77dc711eef748eb90be84149cb306e3d4c45cc71c7 SHA256=42d926cfb3794f9b1e3cb397498696cb687f505e15feb9df11b419c49c9af498 SHA256=1684e24dae20ab83ab5462aa1ff6473110ec53f52a32cfb8c1fe95a2642c6d22 SHA256=9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4 SHA256=440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c SHA256=e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53 SHA256=3a364a7a3f6c0f2f925a060e84fb18b16c118125165b5ea6c94363221dc1b6de SHA256=fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 SHA256=3ac5e01689a3d745e60925bc7faca8d4306ae693e803b5e19c94906dc30add46 SHA256=175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347 SHA256=8596ea3952d84eeef8f5dc5b0b83014feb101ec295b2d80910f21508a95aa026 SHA256=52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15 SHA256=543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91 SHA256=e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf SHA256=1aaa9aef39cb3c0a854ecb4ca7d3b213458f302025e0ec5bfbdef973cca9111c SHA256=cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64 SHA256=3ed15a390d8dfbd8a8fb99e8367e19bfd1cced0e629dfe43ccdb46c863394b59 SHA256=8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6 SHA256=eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b SHA256=37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9 SHA256=32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351 SHA256=c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5 SHA256=ff803017d1acafde6149fe7d463aee23b1c4f6f3b97c698c05f3ca6f07e4df6c SHA256=000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b SHA256=0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05 SHA256=a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433 msdt.exe sdiageng.dll WINWORD.exe;EXCEL.EXE VBE7.DLL;VBE7INTL.DLL;VBEUI.DLL;wshom.ocx wbemdisp.dll;wbemcomn.dll;wbemprox.dll;wmiutils.dll;wbemsvc.dll ntkrnlmp.exe \spool\drivers\x64\3\;\spool\drivers\W32X86\3\;\spool\drivers\IA64\3\ spoolsv.exe;printisolationhost.exe Valid Brother Industries;Canon;Sharp;Microsoft Corporation;DYMO;Euro Plus d.o.o;HP Inc;Hewlett-Packard C:\Windows\ \Users\Public\;\Desktop\;\Downloads\;\AppData\Local\Temp\;\PerfLogs\;$Recycle;\Fonts\ \Program Files EQNEDT32.EXE EQNEDT32.EXE ACTIVEDS.DLL;Adsldpc.dll;Wldap32.dll;adsldp.dll C:\Users;\Temp\;\ProgramData\ ConnectWise.exe \MSP Anywhere for N-central\Viewer\tkcuploader.exe ACTIVEDS.DLL;Adsldpc.dll;Wldap32.dll;adsldp.dll \wscript.exe;\cscript.exe;\powershell.exe;\powershell_ise.exe;\rundll32.exe;\msbuild.exe;\csc.exe 6.3.9600.20566 (winblue_ltsb_escrow.220812-1741) winblue WINWORD.exe;EXCEL.EXE VBEUI.DLL;VBE6.DLL;VBE6INTL.DLL;wshom.ocx wbemdisp.dll;wbemcomn.dll;wbemprox.dll;wmiutils.dll;wbemsvc.dll;fastprox.dll WINWORD.exe;EXCEL.EXE VBE7.DLL;VBE7INTL.DLL;VBEUI.DLL;wbemdisp.dll;wbemcomn.dll;wbemprox.dll;wmiutils.dll;wbemsvc.dll WINWORD.exe;EXCEL.EXE VBEUI.DLL;VBE6.DLL;VBE6INTL.DLL;wbemdisp.dll;wbemcomn.dll;wbemprox.dll;wmiutils.dll;wbemsvc.dll WINWORD.exe;EXCEL.EXE taskschd.dll wscript.exe;cscript.exe taskschd.dll wmiprvse.exe taskschd.dll powershell.exe msi.dll powershell amsi.dll powershell amsi.dll C:\Program Files (x86)\N-Able Technologies\AutomationManagerEngine\2.70.0.4\AutomationManager.ScriptRunner64.exe;C:\Program Files\Cavelo\Cavelo Agent\osqueryi.exe;C:\Program Files (x86)\Duo Device Health\Duo Device Health.exe logoncli.dll C:\Windows\System32\wbem\WmiPrvSE.exe WINWORD.exe;EXCEL.EXE clr.dll clr.dll;System.Management.ni.dll;Microsoft.Build.Utilities wscript.exe;cscript.exe msxml;wshom.ocx wscript.exe;cscript.exe winhttp.dll;mswsock.dll;IPHLPAPI.DLL installutil.exe CustomMarshalers.dll;CustomMarshalers.ni.dll;System.Management.ni.dll;WMINet_Utils.dll;mswsock.dll System.Management.Automation.ni.dll C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ System.Management.Automation.dll C:\Windows\Microsoft.NET\assembly\GAC_MSIL\ Lenovo.Vantage.AddinHost;\Microsoft.Sara.exe;C:\Program Files\CONEXANT C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe C:\Windows\System32\vaultcli.dll \svchost.exe;\GameBar.exe;C:\Program Files\WindowsApps;\Microsoft\Teams\current\Teams.exe \\ \Microsoft\Word\Startup\ .wll \Microsoft\Excel\Startup\ .xll \Microsoft\Addins\ .xla tor-lib.dll C:\Windows\System32\WinSCard.dll;C:\Windows\System32\cryptdll.dll;C:\Windows\System32\hid.dll;C:\Windows\System32\samlib.dll;C:\Windows\System32\vaultcli.dll C:\Program Files\Cavelo\Cavelo Agent\osqueryi.exe;C:\Program Files\Veeam\Backup and Replication\Console\veeam.backup.shell.exe rundll32.exe vaultcli.dll;wlanapi.dll combase.dll cryptdll.dll imm32.dll logoncli.dll netapi32.dll ntasn1.dll ntdsapi.dll samlib.dll shcore.dll srvcli.dll odbc32.dll;winhttp.dll;netapi32.dll;SHLWAPI.dll C:\Windows\Explorer.EXE C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\ProgramData\ C:\ProgramData\ .exe Adobe C:\ProgramData\Lenovo\;C:\ProgramData\Cavelo\jre\bin\java.exe C:\ProgramData\Microsoft\Windows Defender\ C:\ProgramData\sysmon\sysmon64.exe C:\ProgramData\sysmon\sysmon.exe C:\Users\Default\;C:\Users\Public\ .exe C:\Users\Default\;C:\Users\Public\ .dll 56ceb6d0011d87b6e4d7023d7ef85676;4f2eb62fa529c0283b28d05ddd311fae;b91ce2fa41029f6955bff20079468448;b91ce2fa41029f6955bff20079468448;846e27a652a5e1bfbd0ddd38a16dc865;2c4a910a1299cdae2a4e55988a2f102e SHA256=074eb0e75bb2d8f59f1fd571a8c5b76f9c899834893da6f7591b68531f2b5d82 SHA256=45c8233236a69a081ee390d4faa253177180b2bd45d8ed08369e07429ffbe0a9 SHA256=9ceca98c2b24ee30d64184d9d2470f6f2509ed914dafb87604123057a14c57c0 SHA256=29b75f0db3006440651c6342dc3c0672210cfb339141c75e12f6c84d990931c3 SHA256=c8c907a67955bcdf07dd11d35f2a23498fb5ffe5c6b5d7f36870cf07da47bff2 SHA256=76a2f2644cb372f540e179ca2baa110b71de3370bb560aca65dcddbd7da3701e C:\Windows\System32\svchost.exe false Revoked Expired jscript9.dll mshta.exe scrobj.dll crypt0.dll C:\Windows\System32\wlanapi.dll C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience C:\Windows\ImmersiveControlPanel\SystemSettings.exe C:\Windows\ImmersiveControlPanel\SystemSettings.exe C:\Windows\System32\AppHostRegistrationVerifier.exe C:\Windows\System32\CompatTelRunner.exe C:\Windows\System32\DeviceCensus.exe C:\Windows\System32\DriverStore\FileRepository\ C:\Windows\System32\LogonUI.exe C:\Windows\System32\MoNotificationUx.exe C:\Windows\System32\SystemSettingsBroker.exe C:\Windows\System32\dxgiadaptercache.exe C:\Windows\System32\netsh.exe C:\Windows\System32\wlanext.exe C:\Windows\UUS\amd64\MoUsoCoreWorker.exe C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_ C:\Windows\explorer.exe python C:\Windows\Microsoft.NET\assembly\GAC_MSIL false C:\Windows\Microsoft.NET\assembly\GAC_MSIL true C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe;C:\Program Files (x86)\Duo Device Health\Duo Device Health.exe \Microsoft Office\ \mscorlib.ni.dll \Microsoft Office\ \sppc.dll C:\Windows\System32\svchost.exe true C:\Program Files (x86)\Kaspersky Lab C:\Program Files\Kaspersky Lab C:\Program Files (x86)\ESET C:\Program Files\ESET C:\ProgramData\Microsoft\Windows Defender\ Fortinet Lenovo Sophos mscorsvw.exe C:\Program Files (x86)\Microsoft Office\root\Office15\officebackgroundtaskhandler.exe C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe C:\Program Files\Microsoft Office\root\Office15\officebackgroundtaskhandler.exe C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe C:\Windows\SysWOW64\SearchProtocolHost.exe C:\Windows\System32\InstallAgentUserBroker.exe C:\Windows\System32\RuntimeBroker.exe C:\Windows\System32\SearchIndexer.exe C:\Windows\System32\SettingSyncHost.exe C:\Windows\System32\backgroundTaskHost.exe C:\Windows\System32\sppsvc.exe C:\Windows\System32\taskhost.exe C:\Windows\System32\taskhostw.exe C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe HxTsr.exe SearchUI.exe C:\Program Files (x86)\Common Files\BIExcelFunctions1.1\32bit\Sage. C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Pfx. C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Adist64.dll C:\Program Files (x86)\Microsoft Office\Office15\Library\Analysis\ANALYS32.XLL C:\Program Files (x86)\Microsoft Office\Office16\Library\Analysis\ANALYS32.XLL C:\Program Files\Microsoft Office\Office15\Library\Analysis\ANALYS32.XLL C:\Program Files\Microsoft Office\Office16\Library\Analysis\ANALYS32.XLL C:\Windows\SysWOW64\sppc.dll Microsoft.Office.Interop.VisOcx.dll Microsoft.Office.Interop.Word.dll Microsoft.Vbe.Interop.dll OFFICE.DLL 0x001A0000 c:\windows\system32\lsass.exe msiexec.exe chrome.exe;firefox.exe;edge.exe;browser_broker.exe;iexplore.exe;opera.exe 0x001A0000 c:\windows\system32\lsass.exe c:\windows\system32\lsass.exe c:\windows\system32\rundll32.exe DbgUiRemoteBreakin nacl64.exe QueryProcessDebugInformationRemote nacl64.exe isdebuggerpresent nacl64.exe DebugActiveProcess nacl64.exe LoadLibrary C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe C:\Windows\ImmersiveControlPanel\SystemSettings.exe C:\Windows\System32\DriverStore\FileRepository\ C:\Windows\System32\igfxEM.exe C:\Windows\System32\igfxHK.exe Enterprise\Common7\IDE\devenv.exe C:\Program Files (x86)\ASUS\ROG Live Service\FileOperator.exe C:\ProgramData\Microsoft\Windows Defender\Platform\;\MsMpEng.exe CreateFileMapping;MapViewOfFile LdrLoadDll CryptAcquireContextA;CryptDecodeObjectEx;CryptImportPublicKeyInfo;CryptEncrypt;CryptGenKey;CryptDecrypt;CryptStringToBinary;CryptBinaryToString;CryptImportKey c:\windows\system32\csrss.exe CrtlRoutine 0B80 0C7C 0C88 c:\windows\system32\mstsc.exe C:\WINDOWS\SYSTEM32\ntdll.dll EtwEventWrite C:\Windows\SysWOW64\wbem\WmiPrvSE.exe C:\Windows\system32\audiodg.exe C:\Windows\system32\services.exe C:\Windows\system32\svchost.exe C:\Windows\system32\wbem\WmiPrvSE.exe C:\Windows\system32\wininit.exe C:\Windows\system32\winlogon.exe C:\Windows\System32\SHELL32.dll+9b5bd \LocalBridge.exe C:\Windows\System32\wshom.ocx+c8a0;C:\Windows\System32\wshom.ocx+c39d C:\Windows\SYSTEM32\framedynos.dll+2cb3e C:\Windows\system32\SgrmBroker.exe;C:\Windows\system32\SecurityHealthService.exe;C:\ProgramData\Microsoft\Windows Defender\platform\;C:\Windows\system32\services.exe;C:\Windows\system32\wininit.exe;C:\Windows\system32\sppsvc.exe;C:\Windows\System32\smss.exe;C:\Windows\system32\csrss.exe;C:\Windows\System32\svchost.exe C:\Windows\SYSTEM32\framedynos.dll+2b496 C:\Windows\SYSTEM32\dbgcore.DLL+6cfb C:\Windows\System32\KernelBase.dll+de67e ntdll.dll+a0044 clr.dll+6c23;clr.dll+6b38 C:\Windows\\SYSTEM32\ntdll.dll+;|C:\Windows\System32\KERNELBASE.dll+;|UNKNOWN( ) "UNKNOWN(;)|UNKNOWN( ) "UNKNOWN 0x1F0FFF;0x1F1FFF;0x143A;0x1410;0x1010;0x1F2FFF;0x1F3FFF;0x1FFFFF C:\Program Files;\Microsoft Office\Root\Office \Microsoft Shared\VBA C:\Program Files (x86)\Intuit\ C:\Windows\system32\lsass.exe 0x1FFFFF UNKNOWN WmiPerfClass.dll C:\Windows\sysWOW64\wbem\wmiprvse.exe;C:\Windows\system32\wbem\wmiprvse.exe;C:\Program Files\VMware\VMware Tools\vmtoolsd.exe;C:\Program Files (x86)\VMware\VMware Tools\vmtoolsd.exe;WmiPerfClass.dll;C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\customhook\CoreSyncCustomHook.exe;C:\Program Files\Adobe\Adobe Sync\CoreSync\customhook\CoreSyncCustomHook.exe;C:\Program Files (x86)\Common Files\Adobe C:\Windows\system32\lsass.exe C:\Windows\system32\wsmprovhost.exe C:\Windows\system32\lsass.exe 0x1FFFFF python27.dll;_ctypes.pyd;KERNELBASE.dll;ntdll.dll C:\Windows\system32\lsass.exe C:\Windows\SYSTEM32\ntdll.dll+4595c|C:\Windows\system32\KERNELBASE.dll+8185 C:\Windows\system32\lsass.exe C:\WINDOWS\SYSTEM32\ntdll.dll+ ) |C:\WINDOWS\System32\KERNELBASE.dll+;|UNKNOWN( wow64.dll;)|C;Exchange.Diagnostics;Microsoft.Exchange C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe;c:\windows\system32\inetsrv\w3wp.exe;MSExchangeHMHost.exe;C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Windows\system32\winlogon.exe 0x1F3FFF C:\Windows\Microsoft.NET;UNKNOWN C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe .exe C:\Windows\sysmon64.exe;C:\Windows\sysmon64.exe 0x1C00 C:\Windows\system32\lsass.exe 0x1F1FFF UNKNOWN C:\Windows\system32\lsass.exe 0x1010 UNKNOWN C:\Windows\system32\lsass.exe 0x143A UNKNOWN C:\Windows\system32\lsass.exe 0x1fffff dbghelp.dll;dbgcore.dll dbghelp.dll;dbgcore.dll C:\Windows\system32\lsass.exe C:\wfx32\ powershell.exe C:\Programdata\sysmon\sysmon64.exe;C:\Programdata\sysmon\sysmon.exe;C:\Windows\sysmon.exe;C:\Windows\sysmon64.exe;\dismhost.exe C:\WINDOWS\SYSTEM32\ntdll.dll+;|C:\WINDOWS\System32\KERNELBASE.dll+;|C:\ProgramData\Microsoft\Windows Defender\Platform\;\MPCLIENT.DLL;\MpOav.dll+;|C:\WINDOWS\SYSTEM32\amsi.dll getasynckeystate cmlua.dll System.Management.Automation C:\ProgramData\Microsoft\Windows Defender\platform\ ctiuser.dll AutomationManager.ScriptRunner64.exe C:\Program Files\Citrix\ConfigSync\ConfigSyncRun.exe C:\Program Files\Microsoft\Exchange Server\V14\bin\ExSetupUI.exe C:\Program Files\Microsoft\Exchange Server\V15\bin\ExSetupUI.exe C:\Program Files\Microsoft\Exchange Server\V16\bin\ExSetupUI.exe C:\Windows\SysWOW64\sdiagnhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\Temp\ExchangeSetup\ExSetupUI.exe C:\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe C:\Program Files\Microsoft Azure Active Directory Connect\AzureADConnect.exe C:\Windows\system32\HOSTNAME.EXE C:\Windows\system32\ROUTE.exe C:\Windows\system32\query.exe MsMpEng.exe C:\Windows\system32\lsass.exe comsvcs.dll VBE7.dll;VBEUI.DLL;VBE7INTL.DLL VBE6.dll;VBEUI.DLL;VBE6INTL.DLL Office verclsid.exe VBE7.dll;VBEUI.DLL;VBE7INTL.DLL |UNKNOWN( 0x1FFFFF C:\Program Files\Microsoft Office\Root\Office C:\Windows\System32\KERNELBASE.dll+76516 C:\Windows\System32\SHELL32.dll+ae3b9 C:\WINDOWS\system32\sihost.exe C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub UNKNOWN |UNKNOWN( C:\WINDOWS\SYSTEM32\ntdll.dll+ |C:\WINDOWS\System32\KERNELBASE.dll+ ) C:\Program Files\SentinelOne\ 0x1028;0x1fffff C:\Program Files\SmartGit\bin\;C:\Program Files (x86)\ASUS\Update\;C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe;C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe;C:\WINDOWS\SysWOW64\config\systemprofile\Citrix\UpdaterBinaries\;C:\Program Files\Mozilla Firefox\firefox.exe;C:\Program Files\SmartGit\git;\Intel\Driver and Support Assistant\DSAService.exe;C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\;C:\Program Files (x86)\MspPlatform\RequestHandlerAgent\RequestHandlerAgent.exe;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\ProgramData\Cavelo\jre\bin\java.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe;C:\Program Files\Cavelo\Cavelo Agent\parser.exe C:\Windows\Microsoft.NET\Framework\;\NGenTask.exe C:\Program Files (x86)\Duo Device Health\Duo Device Health.exe \Intel\Driver and Support Assistant\ C:\Program Files\AMD\CNext\CNext\Radeonsoftware.exe;C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.UserSessionHelper.exe C:\Windows\Microsoft.NET\Framework\;\ngen.exe winword.exe;excel.exe;powerpnt.exe :\Windows\Microsoft.NET\Framework64\v2.;UNKNOWN UNKNOWN 0x147a C:\Windows\Sysmon64.exe;C:\Windows\Sysmon.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe C:\ProgramData\Microsoft\Windows Defender\Platform\;\MsMpEng.exe;C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe;C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 0x1400 C:\Program Files\SentinelOne\ 0x0800 0x0810 0x0820 0x810 0x820 cscript.exe wscript.exe jjs.exe dump mimikatz CorperfmontExt.dll wmiprvse.exe lsass.exe lsass.exe winlogon.exe lsass.exe C:\Windows\system32\w32tm.exe;C:\Windows\System32\ping.exe;C:\Windows\System32\net.exe;C:\Windows\System32\net1.exe;C:\Windows\SYSTEM32\HOSTNAME.EXE;C:\Programdata\sysmon\sysmon.exe;C:\Programdata\sysmon\sysmon64.exe;C:\Program Files\Windows Defender\MsMpEng.exe;C:\Program Files (x86)\BeAnywhere Support Express\;C:\Program Files (x86)\CheckPoint\;C:\Program Files (x86)\Common Files\Intuit\QuickBooks\;C:\Program Files (x86)\Fortinet\;C:\Program Files (x86)\Trend Micro\;C:\Program Files\Adobe\Adobe Creative Cloud Experience\;C:\Program Files\CheckPoint\;C:\Program Files\Fortinet\;C:\Program Files\Realtek;C:\Program Files\Trend Micro\;C:\ProgramData\Microsoft\Windows Defender\platform\;C:\Program Files (x86)\Lenovo\;snmpd.exe;taskmgr;:\Windows\System32\smss.exe;:\Windows\system32\wininit.exe;\Bin\FMS.exe; \EMET_GUI.exe;\EMET_Service.exe;\Google\Update\GoogleUpdate.exe;\RAAGTAPP.EXE;\controls\cef\ConnectWise.exe;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;C:\Program Files\Hewlett-Packard\AMS\service\hpqams.exe;C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe;C:\Program Files\VMware\VMware Tools\vmtoolsd.exe;C:\Program Files\Windows Defender\MsMpEng.exe;C:\WINDOWS\system32\WerFault.exe;C:\WINDOWS\system32\taskkill.exe;C:\Windows\SysWOW64\WerFault.exe;C:\Windows\System32\snmp.exe;C:\Windows\system32\msiexec.exe;C:\Windows\system32\spoolsv.exe;C:\Windows\system32\svchost.exe :\Windows\system32\sppsvc.exe :\Windows\system32\sdiagnhost.exe UNKNOWN(00007F C:\Windows\SYSTEM32\ntdll.dll C:\Windows\SYSTEM32\win32u.dll C:\Windows\SYSTEM32\wow64win.dll C:\Program Files (x86)\Kaspersky Lab C:\Program Files\Kaspersky Lab C:\Program Files (x86)\ESET C:\Program Files\ESET C:\ProgramData\Microsoft\Windows Defender\ \TEMP\nessus_ solarwinds.businesslayerhost .exe;.dll;.ps1;.mz;.jpg;.png C:\WINDOWS\SysWOW64\netsetupsvc.dll C:\Windows\SoftwareDistribution C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch .exe C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe proj .targets .build .props .tasks .sln .cs .bat .btm .cmd .com .cmdline .bas .bin C:\Windows\System32\WUDFHost.exe C:\Windows\SysWOW64\Wbem C:\Windows\System32\Wbem .ws .wsc .wsf .wsh .pif .hta IronPython .py .pyc .pyd .cdxml .ps1 C:\Program Files (x86)\N-Able Technologies\AutomationManagerEngine\2.70.0.4\AutomationManager.ScriptRunner64.exe .ps1xml .psc1 .psd1 .psm1 AutomationManager.ScriptRunner64.exe .pssc powershell.exe;powershell_ise.exe \Recent\CustomDestinations\ C:\Windows\SysWOW64\WindowsPowerShell C:\Windows\System32\WindowsPowerShell c:\Windows\System32\WindowsPowerShell\v1.0\profile c:\Windows\Syswow64\WindowsPowerShell\v1.0\profile \UsageLogs\powershell.exe.log PSReadLine\ConsoleHost_history.txt .vbs .oracle_jre_usage\ .js .jse .vb .vbe .vbsript Report.wer.tmp \WER\ C:\Windows\system32\wermgr.exe winword.exe;excel.exe;powerpnt.exe;outlook.exe;msaccess.exe;mspub.exe;visio.exe;notepad.exe;wordpad.exe;eqnedt32.exe;wordview.exe .exe C:\Users winword.exe;excel.exe;powerpnt.exe;outlook.exe;msaccess.exe;mspub.exe;visio.exe;notepad.exe;wordpad.exe;eqnedt32.exe;wordview.exe .dll C:\Users !!!-WARNING-!!!.html;!!!-WARNING-!!!.txt;!!! HOW TO DECRYPT FILES !!!;!!!README!!!;!!!READ_TO_UNLOCK!!!.TXT;!!!_READ_ME_;!Recovery_;!Where_are_my_files!.html;!_HOW_TO_RESTORE_;!_RECOVERY_HELP_!.txt;!recover!;# DECRYPT MY FILES #.html;# DECRYPT MY FILES #.txt;# DECRYPT MY FILES #.vbs;# SATAN CRYPTOR #;+recover+;.8lock8;.31392E30362E32303136_;.ABCDEF;.CIop;.CR1;.CRAB;.CRYPTOSHIELD;.Cl0p;.Contact_Here_To_Recover_Your_Files.txt;.CryptoTorLocker2015!;.HERMES;.HakunaMatata;.How_To_Decrypt.txt;.How_To_Get_Back.txt;.KEYZ.KEYH0LES;.L0CKED;.LOL!;.MATRIX;.OMG!;.R.i.P;.RMCM1;.RSplited;.SUPERCRYPT;.SecureCrypted;.TheTrumpLocker;.VBRANSOM;.VforVendetta;.Where_my_files.txt;.XBTL;._AiraCropEncrypted!;.airacropencrypted!;.areyoulovemyrans;.berkshire;.bitpy;.bitx;.blocatto;.bomber;.braincrypt;.breakingbad;.breeding123;.cerber;.cifgksaffsfyghd;.country82000;.crypt;.crypted;.crypton;.cryptotorlocker;.decrypt2017;.deria;.dglnl;.disposed2017;.doomed;.encrypted.locked;.encrypted;.encryptedyourfiles;.enjey;.evillock;.filegofprencrp;.fileiscryptedhard;.firecrypt;.fuckyourdata;.gangbang;.gefickt;.googl;.happydayzz;.hceem;.helpdecrypt;.helpmeencedfiles;.hnumkhotep;.hydracrypt_ID;.iaufkakfhsaraf;.info.txt;.jimm;.kharma;.killedXXX;.lambda_l0cked;.letmetrydecfiles;.locked;.locker16;.loveransisgood;.lovewindows;.magic_software_syndicate;.mention9823;.moments2900;.myrandsext2017;.newlock;.no_more_ransom;.nochance;.noproblemwedecfiles;.notfoundrans;.ohwqg;.one-we_can-help_you;.oops;.osiris;.otherinformation;.paytounlock;.powerfulldecrypt;.powned;.pr0lock;.prolock;.prosperous666;.pwnd;.ransom;.readme2unlock;.righ;.roger;.ryk;.satan;.savethequeen;.sigaint.org;.skjdthghh;.skynet;.snatch;.stubbin;.supported2017;.suppose666;.theworldisyours;.txd0t;.warn_wallet;.weapologize;.weareyourfriends;.weencedufiles;.wowreadfordecryp;.wowwhereismyfiles;.wvtr0;.yourransom;.zzzzz ;.{CRYPTENDBLACKDC};-DECRYPT.txt;000-IF-YOU-WANT-DEC-FILES;000-No-PROBLEM-WE-DEC-FILES;000-PLEASE-READ-WE-HELP;001-READ-FOR-DECRYPT-FILES;1025-7152.exe;:\windows\update_collector.exe;=READ=THIS=PLEASE=;@cock.li;@countermail.com;@firemail.cc;@india.com;@mail.ru;@ukr.net;ASSISTANCE_IN_RECOVERY;ATTENTION!!!.txt;ATTENTION.url;Aescrypt.exe;AllFilesAreLocked;BTC_DECRYPT_FILES;BUYUNLOCKCODE.txt;BUYUNLOCKCODE;BitCryptorFileList.txt;C:\ProgramData\dtb.dat;C:\Programdata\WinMgr;C:\Programdata\clean.bat;C:\Programdata\run.bat;C:\Windows\svchost.exe;CEBER3;CHECK-IT-HELP-FILES;COME_RIPRISTINARE_I_FILE.;COMO_ABRIR_ARQUIVOS.txt;COMO_RESTAURAR_ARCHIVOS;Coin.Locker.txt;Comment débloquer mes fichiers.txt;Como descriptografar seus arquivos.txt;Corona-virus-Map;Corona.bat;Corona.sfx;CryptoRansomware;Crytp0l0cker;Cyber SpLiTTer Vbs.exe;Cyborg_DECRYPT;DALE_FILES.TXT;DECRYPT-FILES;DECRYPTION INSTRUCTIONS.;DECRYPTION_HOWTO.Notepad;DECRYPT_INFORMATION;DECRYPT_INSTRUCTION.HTML;DECRYPT_INSTRUCTION.URL;DECRYPT_INSTRUCTIONS.html;DECRYPT_INSTRUCTIONS;DECRYPT_ReadMe1.TXT;DECRYPT_Readme.TXT.ReadMe;DECRYPT_YOUR_FILES;DESIFROVANI_POKYNY.html;Decrypt All Files;DecryptAllFiles;DecryptFile;Decrypt_readme.txt;DesktopOsiris;ENTSCHLUSSELN_HINWEISE.html;EdgeLocker;FILESAREGONE.txt;FILES_BACK.txt;File Decrypt Help.html;GJENOPPRETTING_AV_FILER;GetYouFiles.txt;HAPPEN-ENCED-FILES;HELLOTHERE.TXT;HELP-ME-ENCED-FILES;HELPDECRYPT_YOUR_FILES.HTML;HELP_DECRYPT.HTML;HELP_DECRYPT.PNG;HELP_DECRYPT.URL;HELP_DECRYPT.lnk;HELP_ME_PLEASE.txt;HELP_RESTORE_FILES_;HELP_TO_SAVE_FILES.bmp;HELP_TO_SAVE_FILES;HELP_YOURFILES.HTML;HELP_YOUR_FILES.PNG;HELP_YOUR_FILES.html;HELP_YOUR_FILES;HOW-TO-DECRYPT-FILES.HTML;HOW-TO-RESTORE-FILES;HOW TO BACK YOUR FILES;HOW TO DECRYPT FILES.HTML;HOW TO DECRYPT FILES.txt;HOW TO RECOVER;HOWTO_RECOVER_FILES_;HOWTO_RESTORE_FILES;HOWTO_RESTORE_FILES_;HOW_DECRYPT.HTML;HOW_DECRYPT.TXT;HOW_DECRYPT.URL;HOW_OPEN_FILES;HOW_TO_DECRYPT.HTML;HOW_TO_DECRYPT_;HOW_TO_PAY_THE_RANSOM;HOW_TO_RESTORE_FILES.html;HOW_TO_RESTORE_FILES;HOW_TO_RESTORE_YOUR_DATA;HOW_TO_UNLOCK_FILES_README_;HWID Lock.exe;Hacked_Read_me_to_decrypt_files.html;Help Decrypt.html;How decrypt files.hta;How to decrypt LeChiffre files.html;How to decrypt your data.txt;HowDecrypt.gif;HowDecrypt.txt;How_to_decrypt_your_files.jpg;How_to_restore_files.hta;HowtoRestore_File;HowtoRestore_Files;Howto_RESTORE_FILES.html;Howto_Restore_FILES.TXT;IAMREADYTOPAY.TXT;IF-YOU-WANT-DEC-FILES;IF_WANT_FILES_BACK_PLS_READ.html;IHAVEYOURSECRET.KEY;IMPORTANT READ ME.txt;IMPORTANT.README;INSTALL_TOR.URL;INSTRUCCIONES;INSTRUCCIONES_DESCIFRADO.html;INSTRUCTION RESTORE FILE;INSTRUCTIONS_DE_DECRYPTAGE.html;INSTUCCIONES_DESCRIFRADO;ISTRUZIONI_DECRITTAZIONE.html;Important!.txt;Instructionaga.txt;KryptoLocker_README.txt;LEER_INMEDIATAMENTE;LET-ME-TRY-DEC-FILES;Locked-by-Mafia;MENSAGEM.txt;MERRY_I_LOVE_YOU_BRUCE.hta;No-PROBLEM-WE-DEC-FILES;OKSOWATHAPPENDTOYOURFILES.TXT;ONTSLEUTELINGS_INSTRUCTIES.html;OSIRIS-;PAYLOADBIN;PINGY@INDIA.COM;PLEASE-READ-WE-HELP.;PLEASE-READIT-IF_YOU-WANT.html;PLEASE-READIT-IF_YOU-WANT;PLEASE-README-AFFECTED-FILES;PLS-DEC-MY-FILES;PURELOCKER;Payment_Instructions.jpg;Please Read Me!!!;READ-FOR-DECCCC-FILESSS;READ-FOR-DECRYPT-FILES;READ-READ-READ;READ IF YOU WANT YOUR FILES BACK.html;READ ME FOR DECRYPT.txt;README HOW TO DECRYPT YOUR FILES.HTML;README!!!;README_DECRYPT_HYDRA_ID_;README_DECRYPT_HYRDA_ID_;README_DECRYPT_UMBRE_ID_;README_DONT_DELETE;README_HOW_TO_UNLOCK.HTML;README_HOW_TO_UNLOCK.TXT;README_RECOVER_FILES_;README_TO_RECURE_YOUR_FILES;READTHISNOW!!!.txt;READ_IT.txt;READ_ME_!.txt;READ_ME_TO_DECRYPT_YOU_INFORMA;READ_THIS_TO_DECRYPT.html;RECOVER-FILES;RECOVERY_FILE.;RECOVERY_FILES.TXT;RECOVER_MY_FILE;RESTORE_CORUPTED_FILES;RESTORE_FILES_;RETURN FILES.txt;RETURN YOUR FILES;RETURNFILES_.txt;RETURN_FILES.txt;RETURN_FILES_.txt;Rans0m_N0te_Read_ME;Read Me (How Decrypt) !!!!.txt;ReadDecryptFilesHere;Read_this_file.txt;Receipt.exe;RecoveryManual.html;Recovery_File_;Recovery_file_;Rooster865qq;SECRET.KEY;SECRETIDHERE.KEY;SHTODELATVAM.txt;SIFRE_COZME_TALIMATI.html;SORRY-FOR-FILES;Survey Locker.exe;TRY-READ-ME-TO-DEC;Temp\satan\satan;ThxForYurTyme;UNLOCK_FILES_INSTRUCTIONS.html;UNLOCK_FILES_INSTRUCTIONS.txt;UnblockFiles.vbs;VIP72.exe;Vape Launcher.exe;WANT_FILES_BACK;WE-MUST-DEC-FILES;WHERE-YOUR-FILES;WORMKILLER@INDIA.COM.XTBL;What happen to my files.txt;Whereisyourfiles;WindowsApplication1.exe;YOUGOTHACKED.TXT;YOUR_FILES.txt;YOUR_FILES.url;YOUR_FILES_ARE_DEAD;YOUR_FILES_ARE_ENCRYPTED.HTML;YOUR_FILES_ARE_ENCRYPTED.TXT;YOUR_FILES_ARE_LOCKED.txt;Your files are locked !!!!.txt;Your files are locked !!!.txt;Your files are locked !!.txt;Your files are locked !.txt;Your files encrypted by our friends !!! txt;Your files encrypted by our friends !!!.txt;[KASISKI];_Adatok_visszaallitasahoz_utasitasok;_DECRYPT_ASSISTANCE_;_DECRYPT_INFO_;_DECRYPT_INFO_szesnl;_DEC_FILES.;_FILES_WERE_ENCRYPTED_@.TXT;_HELP_HELP_HELP_;_HELP_Recover_Files_;_HELP_instructions.bmp;_HELP_instructions.txt;_HOWDO_text.bmp;_HOWDO_text.html;_HOW_TO_Decrypt;_H_e_l_p_RECOVER_INSTRUCTIONS+;_H_e_l_p_RECOVER_INSTRUCTIONS;_Locky_recover;_Locky_recover_instructions.bmp;_Locky_recover_instructions.txt;_README.hta;_README.jpg;_READ_ME!;_RECOVER_INSTRUCTIONS;_ReCoVeRy_+;_USE_TO_FIX_;_WHAT_is.html;_help_instruct;_how_recover.txt;_how_recover;_how_recover_;_recover_;_secret_code.txt;_steaveiwalker@india.com_;aeroware;confirmation.key;contains(to_string($message.file_created), "howrecover+;crjoker.html;cryptinfo.txt;cryptolocker.;cryptopp;de_crypt_readme.;de_crypt_readme.bmp;de_crypt_readme.html;de_crypt_readme.txt;decipher_ne;decrypt-instruct;decrypt explanations.;decrypt my file;decrypt your file;decrypt_Globe;decrypt_instruct;decrypted_files.dat;decryptional;decryptmyfiles;decypt_your_files.html;default32643264.bmp;default432643264.jpg;email-salazar_slytherin10;enc_files.txt;encryptor_raas_readme_liesmich;enigma.hta;enigma_encr.txt;exit.hhr.obleep;fattura_;file0locked;files_are_encrypted.;-filesencrypted;firemail.cc;firstransomware.exe;gmx.de;hacks.at.sigaint.org;help-file-decrypt.enc;help_decrypt;help_file_;help_instructions.;help_my_files;help_recover;help_recover_instructions;help_restore;help_restore_files;help_your_file;helpmeencedfiles;how to decrypt aes files.lnk;how to decrypt;how to get data.txt;how_decrypt.gif;how_recover;how_to_decrypt;how_to_recover;howrecover+ recoveryfile_;howrecover+;howto_recover_file;howto_restore;howtodecrypt;howtodecryptaesfiles.txt;inbox.ru;info@kraken.cc_worldcza@email.cz;install_tor;iran.ir;last_chance.txt;maestro@pizzacrypts.info;maxcrypt.bmp;only-we_can-help_you;openforyou@india.com;opensourcemail.org;padcrypt;paycrypt.bmp;popcorn_time.exe;powerfulldecrypt;protonmail.ch;qbmail.biz;randomname;readme_decrypt;readme_for_decrypt;readme_liesmich_encryptor_raas;recover_file;recover_file_;recover_instruction;recoverfile;recoverfile_;recovery+;recovery_file.txt;recovery_key.txt;recoveryfile;recover}-;restore_files.txt;restorefiles;restorefiles_;ryukreadme.html;tuta.io;tutanota.com;tutanota.de;unCrypte;vault.hta;vault.key;vault.txt;want your files back.;warning-!!;wie_zum_Wiederherstellen_von_Dateien.txt;wowreadfordecryp;wowwhereismyfiles;zXz.html;zycrypt.;zzzzzzzzzzzzzzzzzyyy C:\Users\;\Google\Chrome Beta\User Data\;\IndexedDB\ C:\Program Files\WindowsApps\Microsoft.YourPhone_;C:\Program Files\dotnet\shared\Microsoft.NETCore.App\;\Microsoft.NET\assembly\GAC_MSIL \System.Security.Cryptography Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe crackmapexec \Crypto.Cipher._AES.pyd \Crypto.Cipher._DES.pyd \Crypto.Hash._SHA256.pyd \Crypto.Random.OSRNG.winrandom.pyd \Crypto.Util.strxor.pyd \crackmapexec.exe.manifest \greenlet.pyd BootStrapDLL.dll C:\windows\temp\wininit.exe lazycat;powerkatz;mimikatz;mimidrv;mimilove;mimilib;mimikittenz;mimiauth;invoke-mimi rdpwrap.dll winspool.drv C:\Windows\System32\Wbem C:\Windows\SysWOW64\Wbem C:\WINDOWS\system32\wbem\scrcons.exe \Programs\Startup\ \Startup\ \Word\STARTUP\ \Microsoft\Templates\ \Excel\XLSTART\ .dotm .XLSB C:\Windows\Tasks\ RedirSuiteServiceProxy.aspx w3wp.exe .aspx w3wp.exe .asp w3wp.exe .ashx w3wp.exe .php w3wp.exe .aaa \wwwroot\aspnet_client\;\FrontEnd\HttpProxy\owa\auth .aspx;.php;.ashx w3wp.exe .ps1 w3wp.exe .bat w3wp.exe .dll w3wp.exe .vbs w3wp.exe .hta \wwwroot\ \wwwroot\aspnet_client\;jpg .asp \wwwroot\ .aspx \wwwroot\ \ecp\auth\ \oab\auth\ ClientAccess\Owa\ \owa\auth\ httpproxy\rpc\ ClientAccess\ecp\ \htdocs\ .SPL spoolsv.exe;printfilterpipelinesvc.exe;printisolationhost.exe;splwow64.exe;msiexec.exe;poqexec.exe spoolsv.exe .exe C\:\Windows\System32\spool\;C\:\Windows\Temp\;C\:\Users\ msiexec.exe \Microsoft\Edge\Application elevation_service.exe \LocalState\rootfs\ C:\PerfLogs\ C:\Temp\ C:\Users\Default\ C:\Users\Public\ C:\Windows\System32\WUDFHost.exe C:\Windows\Temp\ C:\Program Files\SentinelOne\ C:\Program Files\Cavelo\Cavelo Agent\osqueryi.exe;C:\Program Files\Cavelo\Cavelo Agent\parser.exe;C:\Program Files\Cavelo\Cavelo Agent\tesseract\tesseract.exe;AutomationManager.ScriptRunner64.exe \AppData\Temp\ $Recycle.Bin $Recycle.Bin C:\Windows\ \config\systemprofile\ C:\Windows\ \config\systemprofile\ .exe .7z.exe .doc.exe .doc.exe .docx.exe .ico.exe .iso.exe .lnk.exe .pdf.exe .ppt.exe .pptx.exe .rar.exe .rtf.exe .txt.exe .xls.exe .xlsx.exe .zip.exe ______.exe .chm proj .sln UMWorkerProcess.exe;UMService.exe . .log;.cfg;.txt;cleanup;.HealthCheck;\wp.active;.db .7z .7zip .arj .s7z .a .ace .ar .arc .bin C:\Windows\System32\WUDFHost.exe .cab .pak .gz .img .iso .lzm .lzma Temp\Rar$ .rar RarSFX .sfx .sz .tar .tar.gz .tgz .xz .zip .ost .eml .msg .pst Г;И;К;П;д;и;к;л;л;н;н;о;ф;ե;թ;յ;ն;ն;ն;ն;տ;ւ;ք Teamviewer.exe rundll32.exe mstsc.exe cmd.exe ipy.exe WScript.exe cscript.exe mshta.exe python.exe wmic.exe C:\Users\Default\;C:\Users\Public\ .dll C:\Users\Default\;C:\Users\Public\ .exe HiddenService torrc \tor.exe tor-gencert rclone s3browser grabff.exe grabff.exe RESTORE_;_FILES.txt DECRYPT_;_FILES.txt \run.dat;\task.dat;\storage.dat AppData Symantec BlueJeans VBoxRT.dll;VboxC.dll Content.IE5;INetCache .exe;.zip;.ps1;.bat;.rar;.dll MSForms.exd .exe C:\windows\system32\ .exe C:\windows\ \system32\ .dll;.exe C:\windows\ C:\Users\ C:\Program Files\WindowsApps\ C:\Program Files (x86)\MspPlatform\FileCacheServiceAgent\FileCacheServiceAgent.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe .dll;.exe C:\Users\ C:\Users\*\AppData\Local\Microsoft\Teams\Update.exe \Microsoft\Word\Startup\ .wll C:\windows\system32\CodeIntegrity\ \Microsoft\Excel\Startup\ .xll \Microsoft\Outlook\VbaProject.OTM \Microsoft\Addins\ .xla .vsto .bat C:\Windows\ C:\ProgramData\Lenovo\SystemUpdate\sessionSE\ .dll C:\Windows\ .sys C:\Windows\ .exe C:\Windows\ C:\Windows\System32\;C:\windows\syswow64\ .exe C:\Windows\System32\ .exe C:\Windows\SysWow64\ .theme \Packages\oice_ VirtualboxVM.exe notepad++.exe .lnk:Zone.Identifier \UsageLogs\cscript.exe.log \UsageLogs\mshta.exe.log \UsageLogs\msiexec.exe.log \UsageLogs\regsvr32.exe.log \UsageLogs\rundll32.exe.log \UsageLogs\svchost.exe.log \UsageLogs\wmic.exe.log \UsageLogs\wscript.exe.log \regsvr32.exe.log \UsageLogs\wsmprovhost.exe.log .lnk .url .sys .inf C:\Windows\SysWOW64\Drivers C:\Windows\System32\Drivers \Drivers\ .drv .xlam .xlsm .xla .xll .xls .xlsb .xlsx .xlt .xltm .xlw \Microsoft\Templates\ .eml .msg .potm .pptm .sldm \Microsoft\Office\Recent oleObject \Recent\CustomDestinations\ \Downloads\ \Content.Outlook\ .docb .wbk .ped .dot .dotx .doc .docm .docx .accdb .accde .accdr .accdt .mdb .mde .msc .mst .potx .ppam .ppsm .ppsx .ppt .pptm .pptx .pub .sldm .sldx .xls .xps .pem .crt .ca-bundle .cer .csr .der .p7b .p7r .p7s .pfx .sto .p12 .crl .sst SentinelAgent.exe .key .hlp ACLUI.DLL.UI ACLUI.DLL AFLogVw.exe AShld.exe AShldRes.DLL.asr AShldRes.DLL AhnI2.dll CamMute.exe CommFunc.dll CommFunc.jax DESqmWrapper.dll DESqmWrapper.wrapper FSPMAPI.dll.fsp FSPMAPI.dll Gadget.exe LoLTWLauncher.exe Mc.exe McUtil.dll.ping McUtil.dll.url McUtil.dll MpSvc.dll MsMpEng.exe NtUserEx.dat NtUserEx.dat NtUserEx.dll NtUserEx.dll NvSmart.exe NvSmartMax.dll NvSmartMax.dll NvSmartMaxapp.dll OInfo11.ISO OInfo11.ocx OInfoP11.exe OleView.exe OleView.exe POETWLauncher.exe RasTls.dll.config RasTls.dll.msc RasTls.dll RasTls.exe RunHelp.exe Sidebar.dll.doc Sidebar.dll Ushata.dll Ushata.exe Ushata.fox VeetlePlayer.exe boot.ldr chrome_frame_helper.dll.rom chrome_frame_helper.dll chrome_frame_helper.exe dvcemumanager.exe fsguidll.exe fslapi.dll.gui fslapi.dll fsstm.exe hccutils.dll.res hccutils.dll hha.dll.bak hha.dll hhc.exe hkcmd.exe iviewers.dll jli.dll libvlc.dll mPclient.dll mcf.ep mcf.exe mcupdui.exe mcut.exe mcutil.dll.bbc mcvsmap.exe msi.dll.dat msi.dll msseces.asm msseces.exe mtcReport.ktc rc.dll rc.exe rc.hlp sep_NE.exe sep_NE.slf tplcdclr.exe winmm.dll wts.chm credwiz.exe ssMUIDLL.dll aepic.dll ftllib.dll userenv.dll \Terminal Server Client\Cache\ C:\Windows\Prefetch \\tsclient C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\ \Temp\debug.bin Temp\7z C:\Windows\AppPatch\Custom .chm .cpl .mht \Chrome\User Data\Default\Extensions\ .crx .appref-ms .gadget .JSE .exe .scf Exchange Server\ClientAccess\Owa\ \Device\HarddiskVolumeShadowCopy .zip\ .FON .FOT C:\Windows\System32\GroupPolicy\Machine\Scripts C:\Windows\System32\GroupPolicy\User\Scripts .iqy .ico .isp .msc .manifest MEMORY.dmp .msi .cs .customDestinations-ms C:\Windows\Minidump .PAF .bmc .rdp .rtf .reg .SHS .slk .SCR .set .SettingContent-ms .SHD .SPL .scr HammerDrillStatus.dll Microsoft\Windows\WER\ .ICL .sdb .SCT .SHB Temp\Temp1_ \Microsoft\;CLR_v;\UsageLogs\ .ade .adp .application .appref-ms .asc .bmf .cer .dmp .gpg .htm .html .json SentinelRanger.exe .jsp .key .mof .ocx .p7b .p12 .pem .pfx .pgp .php .ppk .war .xml C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\NableUpdateService.exe;C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableReactiveManagement.exe;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\Program Files (x86)\MspPlatform\FileCacheServiceAgent\FileCacheServiceAgent.exe;AutomationManager.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe Software\Famatech\advanced_ip_scanner\State LastRangeUsed SetValue \Software\Microsoft\Terminal Server Client DefaultPrinter HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318} SetValue HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da} SetValue HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318} SetValue HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000} SetValue HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974 SetValue HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318} SetValue HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a} SetValue HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359} SetValue Root\InventoryDevicePnp;prod_virtual_dvd-rom SetValue MountedDevices Mountpoints2 Active Setup\Installed Components HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\ LoggedOnUser LastLoggedOnUser LastLoggedOnProvider HKCR\ms-msdt\ HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics\TurnOffCheck

DWORD (0x00000001)

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost \print\ \AzureAttestService\CoInitializeSecurityParam C:\$WINDOWS.~BT\ \AccessVBOM C:\Windows\system32\svchost.exe;C:\WINDOWS\system32\mmc.exe;C:\Windows\system32\userinit.exe Security\VBAWarnings C:\Windows\system32\svchost.exe;C:\WINDOWS\system32\mmc.exe;C:\Windows\system32\userinit.exe Security\VBAWarnings C:\Windows\system32\svchost.exe;C:\WINDOWS\system32\mmc.exe;C:\Windows\system32\userinit.exe EXCEL.exe;WINWORD.exe {8BD21D32-EC42-11CE-9E0D-00AA006002F3};{5B9D8FC8-4A71-101B-97A6-00000B65C08B} HKCU\di HKCU\� HKLM\SOFTWARE\Microsoft\AMSI\Providers\ hklm\software\microsoft\windows script\settings\amsienable hkcu\software\microsoft\windows script\settings\amsienable Google\Chrome\Extensions update_url SetValue Google\Chrome extensions.settings SetValue ForcePasswordReset HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC\CurrVal HKLM\SAM\SAM\DOMAINS\Account\Users\ Last Password Change HKLM\SAM\SAM\DOMAINS\Account\Users\ Account Expiration HKLM\SAM\SAM\DOMAINS\Account\Users\ Last Failed Logon HKLM\SAM\SAM\Domains\Builtin\Aliases\00000220\ HKLM\SAM\SAM\Domains\Builtin\Aliases\0000022B\ SOFTWARE\Microsoft\Wow64\x86\ SetValue \CurrentVersion\Run\ C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe;\AppData\Local\Microsoft\Teams\current\Teams.exe;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Drive File Stream;\GoogleDriveFS.exe;startup_mode

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;no-startup-window;win-session-start;prefetch

\Application\chrome.exe;no-startup-window;win-session-start;prefetch

\SentinelUI.exe" /minimized

C:\Program Files (x86)\Duo Device Health\Duo Device Health.exe

\Microsoft\System\Scripts \Windows\System\Scripts HKLM\SYSTEM\Setup\CmdLine \Start

DWORD (0x00000000)

\Start

DWORD (0x00000001)

\Start

DWORD (0x00000002)

\Start

DWORD (0x00000003)

\Start

DWORD (0x00000004)

\ImagePath \ServiceDll \ServiceManifest hkcu\software\microsoft\windows nt\currentversion\windows\run\ hkcu\software\microsoft\windows\currentversion\explorer\shell folders\common startup hkcu\software\microsoft\windows\currentversion\explorer\shell folders\startup hklm\software\microsoft\command processor\autorun hkcu\software\microsoft\windows nt\currentversion\accessibility\ATs\\*(1)\StartExe Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup \Print\Monitors HKLM\SAM\SAM\DOMAINS\Account\Users\Names\ $ CreateKey HKLM\SAM\SAM\DOMAINS\Account\Users\Names\ $ CreateKey HKLM\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{5770385f-c22a-43e0-bf4c-06f5698ffbd9} C:\WINDOWS\sysmon64.exe C:\WINDOWS\sysmon.exe C:\Programdata\sysmon\sysmon64.exe HKCR\ (Default) \shell\open\command\(Default)

URL:

HKCU\Software\Classes\ (Default) \shell\open\command\(Default)

URL:

HKCR\ \shell\open\command\(Default)

%1

HKCU\Software\Classes\ \shell\open\command\(Default)

%1

\shell\open\command\DelegateExecute HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe Session Manager\KnownDlls Outlook\Addins Word\Addins Excel\Addins Powerpoint\Addins Software\Microsoft\VSTO\Security\Inclusion\ Software\Microsoft\VSTO\SolutionMetadata\ cmmgr32.exe HKLU\Software\Microsoft\Command Processor\AutoRun HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute HKLM\System\CurrentControlSet\Control\Session Manager\Execute HKLM\Software\Wow6432Node\Microsoft\Command Processor\AutoRun HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug HKLM\Software\Microsoft\Command Processor\AutoRun HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit\ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup UserInitMprLogonScript HKLM\SYSTEM\CurrentControlSet\Control\BootVerificationProgram\ImagePath HKLM\System\CurrentControlSet\Control\Lsa\Authentication Packages HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages HKLM\System\CurrentControlSet\Control\Lsa\OSConfig\Authentication Packages HKLM\System\CurrentControlSet\Control\Lsa\OSConfig\Notification Packages HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages \InprocServer32\(Default);\LocalServer32\(Default);\ScriptletURL\(Default)

C:\Users\Public\;$Recyclebin;\temp\;\Desktop\;\Downloads\;\Content.Outlook\;\Microsoft\Office\

C:\WINDOWS\SYSTEM32\UpdateDeploy.dll

\InprocServer32\(Default);\LocalServer32\(Default);\ScriptletURL\(Default)

C:\WINDOWS\SYSTEM32\UpdateDeploy.dll

\ProgID\(Default);\TreatAs\(Default) \Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ Debugger;ReportingMode;MonitorProcess \Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ GlobalFlag

DWORD (0x00000200)

\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\ MonitorProcess \Microsoft\Windows NT\CurrentVersion\SilentProcessExit\ ReportingMode

DWORD (0x00000001)

\Microsoft\Windows NT\CurrentVersion\SilentProcessExit CreateKey \Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules\ C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{;}\EDGEMITMP_;.tmp\setup.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe C:\Program Files\Microsoft Office\root\integration\integrator.exe \Installer\setup.exe;C:\Program Files\Google\Chrome Beta\Application\ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\;\OfficeClickToRun.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree SD Microsoft\Windows\UpdateOrchestrator HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\SD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Per-Machine Standalone Update Task\SD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates\SD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates Logon\SD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Performance Monitor\SD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\SnapshotCleanupTask\SD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor\SD HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0\SD Microsoft\Windows\UpdateOrchestrator;\AMDInstallLauncher\SD;\SD;ASUS Switch;\PowerToys\Autorun for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree ID HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks Author HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks Path HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks Date HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot SetValue \Environment\ HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

DWORD (0x00000000)

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin

DWORD (0x00000000)

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop

DWORD (0x00000000)

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy \Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe exefile\shell\runas\command\isolatedCommand \Hidden SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist\ $

DWORD (0x00000000)

HKLM\SYSTEM\CurrentControlSet\Services\SysmonDrv\Parameters C:\WINDOWS\sysmon64.exe C:\WINDOWS\sysmon.exe C:\Programdata\sysmon\sysmon64.exe C:\Programdata\sysmon\sysmon.exe C:\Windows\TEMP\sysmon.exe C:\Windows\TEMP\SYS HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel MitigationOptions;MitigationAuditOptions HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options MitigationOptions;MitigationAuditOptions HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmcompute.exe\0\MitigationOptions HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmwp.exe\0\MitigationOptions msiexec.exe TiWorker.exe HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options MitigationOptions;MitigationAuditOptions C:\Program Files\Microsoft Office 15\root\integration\integrator.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Acro DisableTaskMgr C:\WINDOWS\system32\svchost.exe C:\windows\SysWOW64\svchost.exe HKLM\SYSTEM\CurrentControlSet\ \Instances\;Altitude HKLM\System\CurrentControlSet\Services\CldFlt\Instances\CldFlt\Altitude SetValue \Security\Level

DWORD (0x00000001)

\Security\Level

DWORD (0x00000002)

\Security\Level

DWORD (0x00000003)

\Security\Level

DWORD (0x00000004)

\Outlook\Security \Security\Level \Word\Security \Excel\Security \Security\Level1Remove \HideSCAHealth HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify HKLM\SOFTWARE\Microsoft\Security Center\UacDisableNotify HKLM\SOFTWARE\Microsoft\Security Center\DisableMonitoring HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify HKLM\SOFTWARE\Microsoft\Security Center\FirewallOverride HKLM\SOFTWARE\Microsoft\Security Center\AllAlertsDisabled HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\RPSessionInterval HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SystemRestorePointCreationFrequency HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\FullSecureChannelProtection HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\ \Enabled

DWORD (0x00000000)

C:\WINDOWS\system32\DrvInst.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\ \Enabled

DWORD (0x00000001)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\ \Enabled HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\ \ChannelAccess

(A;;0x1;;;SY);(A;;0x5;;;BA);(A;;0x1;;;LA)

C:\Windows\servicing\TrustedInstaller.exe;\TiWorker.exe HKLM\SOFTWARE\Policies\Microsoft\Windows\Powershell\ScriptBlockLogging \EnableScriptBlockLogging

DWORD (0x00000000)

C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe HKLM\SOFTWARE\Policies\Microsoft\Windows\Powershell\ScriptBlockLogging \EnableScriptBlockLogging DeleteKey;DeleteValue hklm\software\microsoft\windows\currentversion\policies\system\audit \ProcessCreationIncludeCmdLine_Enabled

DWORD (0x00000000)

hklm\software\microsoft\windows\currentversion\policies\system\audit \ProcessCreationIncludeCmdLine_Enabled DeleteKey;DeleteValue HKLM\System\CurrentControlSet\Services\Eventlog \CustomSD HKLM\System\CurrentControlSet\Services\Eventlog \MaxSize globallyopenports EnableFirewall HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List \Microsoft\.NETFramework\ETWEnabled

DWORD (0x00000000)

\Microsoft\.NETFramework\NGenAssemblyUsageLog SetValue \Environment\NGenAssemblyUsageLog SetValue \Environment\COMPlus_ETWEnabled \LastKey SymbolicLinkValue \Software\Microsoft\Windows\CurrentVersion\Explorer \AppData\;\ProgramData\;\Temp\;C:\users ‮ HKLM\System\CurrentControlSet\Control\SecurePipeServers\winreg \Software\Policies\Microsoft\SystemCertificates\;\SOFTWARE\Microsoft\EnterpriseCertificates\;HKLM\SOFTWARE\Microsoft\SystemCertificates\;HKLM\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates\ CreateKey C:\WINDOWS\Sysmon64.exe C:\WINDOWS\Sysmon.exe C:\WINDOWS\system32\certsrv.exe C:\WINDOWS\system32\CompatTelRunner.exe C:\WINDOWS\system32\svchost.exe C:\Windows\SysWOW64\SearchProtocolHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskhost.exe C:\windows\SysWOW64\svchost.exe C:\WINDOWS\System32\DriverStore\FileRepository\asus C:\ProgramData\Microsoft\Windows Defender\Platform\ C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe fDenyTSConnections Terminal Server\WinStations\RDP-Tcp RDP-tcp\PortNumber Control\Terminal Server\fSingleSessionPerUser � Й;ќ;Л;я;К HKLM\HARDWARE\ACPI\DSDT SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\Account Name SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\Display Name SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\Email SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\HTTP User SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\IMAP User SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\MAPI Provider SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\POP3 User SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\SMTP User HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\HTTP Password SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\IMAP Password SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\POP3 Password SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\SMTP Password HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName SecurityPasswordAES OptionsPasswordAES SecurityPasswordExported PermanentPassword HKLM\SOFTWARE\GitForWindows HKLM\SAM\SAM\DOMAINS\Account\Users\Names\ DeleteKey HKLM\SYSTEM\CurrentControlSet\Control\BitlockerStatus\BootStatus

DWORD (0x00000001)

HKLM\SYSTEM\CurrentControlSet\Control\BitlockerStatus\BootStatus

DWORD (0x00000000)

\Services\VSS\Diag\(Default) HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters HKLM\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\Parameters \LastKey \WinStationsDisabled \TSServerDrainMode \TypedURLs HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\disabledcomponents HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage\Bind

Binary Data

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards services\http\parameters\urlaclinf cRecentFiles\c1\ tDIText \File MRU\Item 1 HKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\ConfigHash HKLM\SOFTWARE\Classes\ CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKLM\Software\Microsoft\Windows\CurrentVersion\RunService HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce CurrentVersion\Windows\Load CurrentVersion\Windows\Run CurrentVersion\Winlogon\Shell CurrentVersion\Winlogon\System \Software\Microsoft\Windows NT\CurrentVersion\Windows\load \Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run \Software\Microsoft\Windows\CurrentVersion\RunServicesOnce SOFTWARE\Microsoft\.NETFramework\ETWEnabled \Group Policy\Scripts Terminal Server\Wds\rdpwd\StartupPrograms Winlogon\AlternateShells\AvailableShells Policies\System\Shell Windows CE Services\AutoStartOnConnect Windows CE Services\AutoStartOnDisconnect CurrentVersion\URL \CurrentVersion\Font Drivers HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown CurrentVersion\Windows\IconServiceLib Active Setup\Installed Components NullSessionShares NullSessionPipes PasswordExpiryNotification SafeBoot\AlternateShell Desktop\Scrnsave.exe \DisplayVersion \ModifyPath \Microsoft\Windows\CurrentVersion\Uninstall\ \UninstallString Terminal Server\WinStations\RDP-Tcp\InitialProgram HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman \Explorer\FileExts\ \shell\install\command\ \ProfileImagePath \Classes\AllFilesystemObjects\ \Classes\*\ \Software\Microsoft\Ctf\LangBarAddin \ContextMenuHandlers\ \CurrentVersion\Shell HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellIconOverlayIdentifiers \Classes\Directory\ \Classes\Drive\ HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks \Classes\Folder\ \Hidden \HideFileExt \SOFTWARE\Microsoft\Internet Explorer\Desktop\Components \SOFTWARE\Classes\Protocols\Filter \SOFTWARE\Classes\Protocols\Handler \SharedTaskScheduler \ShowSuperHidden \ColumnHandlers \CopyHookHandlers \ExtShellFolderViews \PropertySheetHandlers \ShellServiceObjectDelayLoad \ShellServiceObjects HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\ HKLM\System\CurrentControlSet\Control\Session Manager\S0InitialCommand HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\InitialProgram HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\ \3\1809 \3\2500 \3\1206 \DisableSecuritySettingsCheck HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries HKLM\SYSTEM\CurrentControlSet\Services\WinSock\ \ProxyServer SavedLegacySettings Software\Microsoft\Windows\CurrentVersion\Internet Settings\Proxy EnableConsoleTracing EnableFileTracing HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ HKLM\SOFTWARE\Microsoft\Netsh HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders\ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls\ HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls\ Office Test\ \Internet Explorer\Toolbar\ \Internet Explorer\Extensions\ \Browser Helper Objects\ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\ \UrlUpdateInfo \InstallSource HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\ \Exclusions\Paths \Exclusions\Extensions \Exclusions\Processes TamperProtection HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ \Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff \Software\Policies\Microsoft\Windows\System\Scripts\Logoff \Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logon \Software\Policies\Microsoft\Windows\System\Scripts\Logon HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Shutdown HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup Domain DHCPDefaultGateway DhcpIPAddress DhcpNameserver Dhcpserver DhcpSubnetMask Nameserver \DefaultGateway PersistentRoutes }\Category HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles SubnetMask \Trusted Documents\TrustRecords Software\Microsoft\VBA\7.1\Common Software\Microsoft\VBA\7.1\Trusted \Security\DontTrustInstalledFiles \Security\Trusted Locations Security\ProtectedView\DisableInternetFilesInPV Security\ProtectedView\DisableAttachmentsInPV Security\ProtectedView\DisableUnsafeLocationsInPV Software\WinRAR\ArcHistory WinZip\mru\ Recent File List Outlook\WebView\Inbox Outlook\Today\UserDefinedUrl Outlook\WebView\Calendar \Place MRU \LinkDate \DriverVerVersion \DriverVersion \LowerCaseLongPath \Publisher Compatibility Assistant\Store\ \BinProductVersion Root\InventoryApplicationShortcut\ Root\InventoryDriverBinary Root\InventoryDriverPackage Root\InventoryDevicePnp Root\InventoryDeviceContainer Root\InventoryApplication\ ProgramID;Name;Version;Publisher;Language;InstallDate;Source;RootDirPath;HiddenArp;UninstallString;RegistryKeyPath;UserSID;sha256 Root\InventoryApplicationFile\ ProgramId;FileId;LowerCaseLongPath;Name;OriginalFileName;Publisher;Version;binfileversion;LinkDate;Size;Language;USN;IsPeFile;IsOsComponent;sha256;AppxPackageFullName pingsender.exe Root\InventoryApplicationAppV\ Root\InventoryMiscellaneousOfficeAddIn;Root\InventoryMiscellaneousOfficeIdentifiers;Root\InventoryMiscellaneousOfficeIESettings;Root\InventoryMiscellaneousOfficeInsights;Root\InventoryMiscellaneousOfficeProducts;Root\InventoryMiscellaneousOfficeSettings;Root\InventoryMiscellaneousOfficeVBA;Root\InventoryMiscellaneousOfficeVBARuleViolations \Control\hivelist \Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume Drive Type

DWORD (0x00000011)

\Explorer\MountPoints2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices HKLM\System\CurrentControlSet\services\ \DeleteFlag

DWORD (0x00000001)

HKLM\System\CurrentControlSet\services\ \Type

DWORD (0x00000001)

HKLM\System\CurrentControlSet\services\ \Type

DWORD (0x00000002)

HKLM\System\CurrentControlSet\services\ \Type

DWORD (0x00000004)

HKLM\System\CurrentControlSet\services\ \Type

DWORD (0x00000020)

HKLM\System\CurrentControlSet\services\ \Type

DWORD (0x00000020)

HKLM\System\CurrentControlSet\services\ \Type

DWORD (0x00000100)

HKLM\System\CurrentControlSet\services\ \Group HKLM\System\CurrentControlSet\services\ \DependOnService HKLM\System\CurrentControlSet\services\ \BinaryPathName HKLM\System\CurrentControlSet\services\ \RequiredPrivileges HKLM\System\CurrentControlSet\services\ \Owners HKLM\System\CurrentControlSet\services\ \ObjectName HKLM\System\CurrentControlSet\services\ \ServiceStartName HKLM\System\CurrentControlSet\services\ \ErrorControl HKLM\System\CurrentControlSet\services\ \DependOnGroup HKLM\System\CurrentControlSet\services\ \DisplayName HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder \List HKLM\System\CurrentControlSet\services\ \Type

DWORD (0x00000001)

\ConsentStore\bluetooth \ConsentStore\contacts \ConsentStore\hunmanInterfaceDevice \ConsentStore\location \ConsentStore\microphone \ConsentStore\usb\ \ConsentStore\webcam \ConsentStore\humanInterfaceDevice LastVisitedMRU SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\RegEdit \Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR HKLM\SYSTEM\CurrentControlSet\Control\Safeboot\ C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe;C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust HKLM\SOFTWARE\Microsoft\Cryptography\OID HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\ServerLevelPluginDll Classes\exefile\shell\runas\command\isolatedCommand \FriendlyName HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\ \Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress\(Default) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB HKLM\SOFTWARE\Microsoft\Tracing\ HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}

ndis;rndis

HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4 \Software\AppDataLow\Software\Microsoft\

.exe;.dll;powershell;wmic

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel

DWORD (0x00000005)

Software\Microsoft\Office test\Special\Perf \CurrentControlSet\Services\NTDS\LsaDbExtPt \Services\NTDS\DirectoryServiceExtPt GoToMyPc\FileTransfer\history GoToMyPc\GuestInvite Filesharing DesktopSharing LogIncomingConnections LogOutgoingConnections PermanentPasswordDate Security_Adminrights vncviewer\MRU Autostart_GUI Meeting_UserName BuddyLoginName BuddyLoginTokenID Always_Online HKLM\SOFTWARE\Microsoft\CurrentVersion\Policies\System\EnableLinkedConnections Software\recfg \Keyboard Layout\Preload\ \Keyboard Layout\Substitutes\ HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\ HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\ HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\ \Client\Enabled \Server\Enabled Kitty\Sessions HKLM\SYSTEM\CurrentControlSet\Control\Lsa\NtlmMinClientSec HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictSendingNTLMTraffic PuTTY\Sessions Terminal Server Client\Servers WinSCP 2\Sessions C:\Program Files (x86)\Kaspersky Lab C:\Program Files\Kaspersky Lab C:\Program Files (x86)\ESET C:\Program Files\ESET \EnableBHO HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports Control\Print\Environments\Windows x64\Drivers \Microsoft\.NETFramework;NGenAssemblyUsageLog \REGISTRY\A\;LocalState\admin_settings Content.IE5;INetCache .exe;.zip;.ps1;.bat;.rar;.vbs;.hta :Zone.Identifier blob:;about:internet 56ceb6d0011d87b6e4d7023d7ef85676;4f2eb62fa529c0283b28d05ddd311fae;b91ce2fa41029f6955bff20079468448;b91ce2fa41029f6955bff20079468448;846e27a652a5e1bfbd0ddd38a16dc865;2c4a910a1299cdae2a4e55988a2f102e SHA256=074eb0e75bb2d8f59f1fd571a8c5b76f9c899834893da6f7591b68531f2b5d82 SHA256=45c8233236a69a081ee390d4faa253177180b2bd45d8ed08369e07429ffbe0a9 SHA256=9ceca98c2b24ee30d64184d9d2470f6f2509ed914dafb87604123057a14c57c0 SHA256=29b75f0db3006440651c6342dc3c0672210cfb339141c75e12f6c84d990931c3 SHA256=c8c907a67955bcdf07dd11d35f2a23498fb5ffe5c6b5d7f36870cf07da47bff2 SHA256=76a2f2644cb372f540e179ca2baa110b71de3370bb560aca65dcddbd7da3701e Startup;Content.Outlook;Downloads;Recycle;\Users\;\ProgramData\;\Windows\;Temp\7z;Temp\;Startup;.vb;.vbe;.vbs;.application;.appref-ms;.bat;.cmd;.cmdline;.docm;.exe;.lnk;.eml;.dll;.sys;.hta;.pptm;.ps1;.sys;.reg;.docm;.xlsm;.xlam;.pptm;.potm;.pptm;.sldm;.scf;.appref-ms;.rdp;.vbs;.js;.pem;.crt;.ca-bundle;.cer;.csr;.der;.p7b;.p7r;.p7s;.pfx;.sto;.p12;.crl;.sst;.key;:bin;.mht;.manifest;.cpl;.scr;.inf IMPHASH=84B763C45C0E4A3E7CA5548C710DB4EE IMPHASH=19584675D94829987952432E018D5056 IMPHASH=330768a4f172e10acb6287b87289d83b IMPHASH=00000000000000000000000000000000 AppData\Local\Microsoft\Windows\AppCache\ \Microsoft\Windows\INetCache\ \Microsoft\Windows\Temporary Internet Files\Content.IE5 \Mozilla\Firefox\Profiles\ .default\prefs-1.js Microsoft\Windows\Start Menu\Programs\Startup msagent_;\MSSE-;postex;\status_ \atctl;\userpipe;\iehelper;\sdlrpc;\comnap \PSEXESVC -stdin -stdout RemCom_ stdin;stdout;stderr;communication \svcctl \ntsvcs ConnectPipe \lsadump;\cachedump;\wceservicepipe \9f81f59bc58452127884ce513865ed20 \46a676ab7f179e511e30dd2dc41bd388 tssmp_endpoint \NamePipe_MoreWindows \WCEServicePipe \ahexec \cachedumppipe \csexec \e710f28d59aa529d6792ca6ff0ca1b34 \isapi_dg \isapi_http \isapi_http \lsadump \lsassw \paexec \pcheap_reuse \gruntsvc \remcom \rpchlp_3 \sdlrpc \winsession \adschemerpc \AnonymousPipe \bc367 \bc31a7 \testPipe msf-pipe \atsvc \isapi_http;\isapi_dg;\isapi_dg2;\sdlrpc;\ahexec;\winsession;\lsassw;\46a676ab7f179e511e30dd2dc41bd388;\9f81f59bc58452127884ce513865ed20;\e710f28d59aa529d6792ca6ff0ca1b34;\rpchlp_3;\NamePipe_MoreWindows;\pcheap_reuse;\gruntsvc;\583da945-62af-10e8-4902-a8f205c72b2e;\bizkaz;\Posh;\jaccdpqnvbrrxlaf;\csexecsvc \atctl;\userpipe;\iehelper;\sdlrpc;\comnap \DserNamedPipe;\mypipe-;\windows.update.manager;\ntsvcs_;scerpc_;\demoagent;\PGMessagePipe;\MsFTeWds;\f4c3;\fullduplex_;\msrpc_;\f53f;\rpc_;\spoolss_;\win_svc;\SearchTextHarvester;demoagent_ \wkssvc \spoolss \scerpc \ntsvcs \SearchTextHarvester \PGMessagePipe \MsFteWds ConnectPipe \MICROSOFT##WID\tsql\query \Winsock2\CatalogChangeListener- -0, \pipe\ CtxSharefilepipe0 \winreg Anonymous Pipe C:\Program Files\Cavelo\Cavelo Agent\cavelo_windows_amd64.exe;C:\Program Files\Cavelo\Cavelo Agent\parser.exe C:\Program Files (x86)\N-Able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe;\AutomationManager.ScriptRunner64.exe ConnectPipe lsass \SQLLocal\RTCLOCAL \spoolss C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\LxRun.exe C:\Windows\System32\SearchIndexer.exe C:\Windows\System32\smss.exe C:\Windows\System32\spoolsv.exe C:\Windows\System32\wininit.exe C:\Windows\system32\DFSRs.exe C:\Windows\SystemApps\Microsoft.Windows C:\Windows\Microsoft.NET\Framework ngen.exe C:\Windows\SystemApps\ShellExperienceHost_ ShellExperienceHost.exe C:\Windows\system32\SearchProtocolHost.exe \System ProtectedPrefix\LocalService\FTHPIPE Exchange Server C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\BIN\OWSTIMER.EXE C:\Windows\syswow64\snmp.exe c:\windows\system32\inetsrv\w3wp.exe \M.E.C.Core.WinRMDataCommunicator.NamedPipe. C:\Windows\system32\dns.exe \sql\query C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe \TDLN- vmware- \InitShutdown \MsFteWds \W32TIME_ALT \WiFiNetworkManagerTask \Winsock2CatelogChangeListener \browser \epmapper \eventlog \scerpc \wkssvc \ntapvsrq \AutomationManagerAgent Created type: 16;type: 16 powershell.exe github powershell.exe powershell;cscript.exe;wscript.exe;mshta.exe;bitsadmin.exe;\cmd.exe . dropboxapi.com \Dropbox\Client\Dropbox.exe;\Dropbox\bin\Dropbox.exe;\Oracle\Java\ 1drv \AppData\Local\Microsoft\OneDrive\OneDrive.exe;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe;\Internet Explorer\iexplore.exe;C:\Windows\System32\AppHostRegistrationVerifier.exe;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe;C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe;C:\Program Files\Mozilla Firefox\firefox.exe .box.com;upload mega.nz;mega.co.nz privatlab.com thedoccloud.com;deftsecurity.com;websitetheme.com;highdatabase.com;incomeupdate.com;zupertech.com;panhardware.com;databasegalore.com;avsvmcloud.com;freescanonline.com tiktok;parler.com;gab.com;mewe.com;4chan;8chan;facebook;fbcdn;twitter;instagram;snapchat efnet;undernet;freenode;ircnet;.rizon;quakenet;oftc.net;dalnet .slack.com;discord.;telegram.;rocketchat.;mattermost.;flock.com advanced-ip-scanner.com kali.download 0x1f4b0.com;1q2w3.life;1q2w3.website;31.187.64.216;185.193.38.148;aalbbh84.info;adfreetv.ch;adless.io;adplusplus.fr;adrenali.gq;ajcryptominer.com;ajplugins.com;allfontshere.press;altavista.ovh;amhixwqagiz.ru;appelamule.com;arizona-miner.tk;aster18cdn.nl;aster18prx.nl;avero.xyz;averoconnector.com;bauersagtnein.myeffect.net;bhzejltg.info;blazepool;blockmasters;blockmasterscoins;bmnr.pw;bmst.pw;bohemianpool;carry.myeffect.net;cashbeet.com;cdn-code.host;cfceu.duckdns.org;cfcnet.gdn;cfcnet.top;cfcs1.duckdns.org;chainblock.science;cieh.mx;coin-hive.com;coin-service.com;coin-services.info;coiner.site;coinpirate.cf;coinrail.io;coinwebmining.com;cpu2cash.link;cryptaloot.pro;cryptmonero;crypto-loot.com;crypto-pool;crypto-webminer.com;cryptoloot.pro;d-ns.ga;dataservices.download;directprimal.com;dwarfpool;encoding.ovh;eth-pocket.com;eth-pocket.de;eth-pocket.eu;ethereum-pocket.de;ethereum-pocket.eu;ethtrader.de;eu.nimpool.io;eu.sushipool.com;f1tbit.com;flnqmin.org;freecontent.bid;freecontent.date;freecontent.loan;freecontent.racing;freecontent.stream;freecontent.win;gnrdomimplementation.com;graftpool.ovh;greenindex.dynamic-dns.net;gustaver.ddns.net;hashrefinery;hashvault.pro;herphemiste.com;hide.ovh;hk.rs;hlpidkr.ru;hodlers.party;hodling.faith;hostingcloud.win;hrfziiddxa.ru;ihdvilappuxpgiv.ru;imhvlhaelvvbrq.ru;insdrbot.com;irrrymucwxjl.ru;istlandoll.com;ivuovhsn.ru;iwanttoearn.money;ixvenhgwukn.ru;jqassets.download;jqr-cdn.download;jqrcdn.download;jquerrycdn.download;jqwww.download;jqxrrygqnagn.ru;jscoinminer.com;jwduahujge.ru;ksimdw.ru;l33tsite.info;laferia.cr;ledhenone.com;ltstyov.ru;mepirtedic.com;mine.bz;minercircle.com;minercry.pt;minergate;minero.cc;miners.pro;minescripts.info;mininghub.club;miningpoolhubcoins;minr.pw;mixpools.org;mmc.center;mollnia.com;monerise.com;monero.lindon-pool.win;monero;moriaxmr.com;munero.me;mxcdn1.now.sh;mxcdn2.now.sh;myadstats.com;mypool.online;nablabee.com;nanopool.org;nathetsof.com;nicehash;nimiqpool.com;node.philpool.com;npcdn1.now.sh;nunu-001.now.sh;ogondkskyahxa.ru;ogrid.org;oinkinns.tk;olecintri.com;omine.org;onvid.club;open-hive-server-1.pp.ua;oxwwoeukjispema.ru;pcejuyhjucmkiny.ru;pool.nimiq.watch;pool.nimiqchain.info;pool.porkypool.com;pool.xmr;poolto.be;prohash.net;prohash;proj2018.xyz;pzoifaum.info;ratchetmining.com;realnetwrk.com;reauthenticator.com;rove.cl;ruvuryua.ru;s7ven.com;scaleway.ovh;sentemanactri.com;sickrage.ca/ch;sighash.info;slushpool;soodatmish.com;sparechange.io;statdynamic.com;stati.bid;staticsfs.host;streamplay.to;suprnova.cc;svivqrhrh.ru;sxcdn02.now.sh;sxcdn3.now.sh;sxcdn4.now.sh;sxcdn6.now.sh;synconnector.com;teracycle.net;tercabilis.info;thelifeisbinary.ddns.net;thersprens.com;torrent.pw;ulnawoyyzbljc.ru;unrummaged.com;uoldid.ru;usxmrpool;viaxmr.com;vpzccwpyilvoyg.ru;vzzexalcirfgrf.ru;wbmwss.beetv.net;webmine.cz;webmine.pro;webminepool.tk;webminerpool.com;webwidgetz.duckdns.org;wmemsnhgldd.ru;wmtech.website;wmwmwwfmkvucbln.ru;wrxgandsfcz.ru;xmrm.pw;xmrminingproxy.com;xmrpool;yiimp;yuyyio.com;zavzlen.ru;zergpool;zergpoolcoins;ziykrgc.ru;zlx.com.br;zpool;analytics.blue;estream.to graph.microsoft.com dl.dropboxusercontent.com api.onedrive.com zoom.us teamviewer Screenconnect census researchscan scanhub shadow shodan .download .kp .su .ss .xn .sy .ve .xxx .cn .click .club .ir .ru .host .icu .pw .website .ninja .rocks .top .ua .xyz kuternull.com;rimrun.com;0ffice36o;asushotfix;infestexe;rahasn.webhop.org;rahasn.akamake.net;rahasn.homewealth.biz;winodwsupdates;israirairlines githubusercontent.com;github.com api.ipify.org;whatismyipaddress.com;edns.ip-api.com;checkip.dyndns.org;icanhazip.com;ifconfig.me;ifconfig.co;ipaddress.com;ipecho.net;ident.me;api.ip.sb;www.myexternalip.com;ip.anysrc.net;wtfismyip.com;myexternalip.com;ipecho.net;checkip.amazonaws.com;goo.gl;git.io;bit.ly;ow.ly;ip-api.com tiny-share.com;paste.ee;pastebin.com afraid.org;duckdns.org;changeip.com;ddns.net;hopto.org;zapto.org;servehttp.com;sytes.net;whoer.net;bravica.net;ip.webmasterhome.cn;whatsmyip.us;myip.kz;ip-addr.es;curlmyip;anysrc.net;anysrc.net;dlinkddns.com;no-ip.com;no-ip.org;no-ip.biz;no-ip.info;noip.com darknet.to;hiddenservice.net;onion.cab;onion.city;onion.direct;onion.nu;onion.pet;onion.plus;onion.rip;onion.sh;onion.si;onion.to;onion.top;onion.ws;tor-gateways.de;tor2net.com;tor2web.blutmagie.de;tor2web.fi;tor2web.info;tor2web.io;tor2web.org adblock.mydns.network;ibksturm.synology.me;jcdns.fun;ibuki.cgnat.net;dns.twnic.tw;commons.host;doh.dnswarden.com;dns-nyc.aaflalo.me;dns.aaflalo.me;doh.appliedprivacy.net;doh.captnemo.in;doh.tiar.app;doh.tiarap.org;doh.defaultroutes.de;doh.dns.sb;dns.oszx.co;2.dnscrypt-cert.oszx.co;dnscrypt;edns.233py.com;hk-dns.233py.com;hk2dns.233py.com;hkdns.233py.com;hkdns.233py.com;ndns.233py.com;sdns.233py.com;wdns.233py.com;pastebin.com;dns.adguard.com;dns-family.adguard.com;security-filter-dns.cleanbrowsing.org;family-filter-dns.cleanbrowsing.org;adult-filter-dns.cleanbrowsing.org;cloudflare-dns.com;mozilla.cloudflare-dns.com;dns.233py.com;dns.aaflalo.me;dns.google;doh.opendns.com;dns.quad9.net;dns9.quad9.net;dns10.quad9.net;dns11.quad9.net;doh.xfinity.com;dns.nextdns.io;dns.dnsoverhttps.net;doh.crypto.sx;doh.powerdns.org;doh-ch.blahdns.com;doh-de.blahdns.com;dns.rubyfish.cn;dns.containerpi.com;doh-2.seby.io;doh.seby.io;rdns.faelix.net;doh.li;doh.armadillodns.net;doh.netweaver.uk;doh.42l.fr;dns.aa.net.uk gc._msdcs. _kerberos._tcp.dc._msdcs. _kerberos._udp.dc._msdcs. _ldap._tcp.pdc._msdcs. wpad _ldap. C:\Windows\ unknown process C:\ProgramData\Microsoft\Windows Defender\Platform\;\Windows Defender\MsMpEng.exe;C:\Windows\ System;svchost.exe;services.exe;unknown process;\;; C:\Program Files\Cavelo\Cavelo Agent\cavelo_windows_amd64.exe;C:\PROGRA~2\BEANYW~1\GETSUP~1\TCIntegratorCommHelper.exe;C:\ProgramData\Cavelo\jre\bin\java.exe;C:\Program Files\SentinelOne\;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\NableUpdateService.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe;C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe;C:\Program Files (x86)\lpagent\lpagent.exe;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe;C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableReactiveManagement.exe;C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe;C:\Program Files (x86)\N-able Technologies\AutomationManagerEngine\2.70.0.4\AutomationManager.ScriptRunner64.exe C:\Program Files (x86)\Admin Arsenal\ C:\Program Files (x86)\CheckPoint\ C:\Program Files (x86)\Fortinet\ C:\Program Files\SentinelOne\ \Ranger\SentinelRanger.exe C:\Program Files (x86)\OpenDNS\OpenDNS Connector C:\Program Files (x86)\Razer\Razer Services\ C:\Program Files (x86)\Trend Micro\ C:\Program Files (x86)\VMware C:\Program Files (x86)\Veeam\ C:\Program Files\CheckPoint\ C:\Program Files\Trend Micro\ Slack.exe ConnectWise.exe git-remote-https.exe C:\Program Files (x86)\Enpass\Enpass.exe C:\Program Files (x86)\Fiserv\Vision\VisionGUI.NET.exe C:\Program Files (x86)\Fortinet\FortiClient\update_task.exe C:\Program Files (x86)\Lenovo\System Update\Tvsukernel.exe C:\Program Files\VMware\vCenter Server\jre\bin\java.exe C:\Program Files\VMware\vCenter Server\python\python.exe C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Manager.exe C:\Windows\SysWOW64\SearchProtocolHost.exe C:\Windows\System32\dsregcmd.exe C:\Windows\sysmon64.exe C:\Windows\sysmon.exe brave-sync.s3.dualstack. .salesforceliveagent.com ads-serve.brave.com .msftncsi.com ..localmachine -pushp.svc.ms .b-msedge.net .bing.com .hotmail.com .live.com .live.net .microsoft.com .microsoftonline.com .microsoftstore.com .ms-acdc.office.com .msedge.net .msn.com .msocdn.com .s-microsoft.com .skype.com .skype.net .windows.com .windows.net.nsatc.net .windowsupdate.com .xboxlive.com login.windows.net .activedirectory.windowsazure.com .msauth.net .msftauth.net .opinsights.azure.com management.azure.com outlook.office365.com portal.azure.com .mozaws.net .mozilla.com .mozilla.net .mozilla.org .spotify.com .spotify.map.fastly.net googleapis.com clients1.google.com clients2.google.com clients3.google.com clients4.google.com clients5.google.com clients6.google.com cloudsearch.googleapis.com id.google.com safebrowsing.googleapis.com www.googleapis.com .akadns.net .netflix.com .typekit.net aspnetcdn.com ajax.googleapis.com cdnjs.cloudflare.com cdnjs.cloudflare.com fonts.googleapis.com .steamcontent.com .disqus.com .fontawesome.com disqus.com .1rx.io .2mdn.net .adadvisor.net .adap.tv .addthis.com .adform.net .adnxs.com .adroll.com .adrta.com .adsafeprotected.com .adsrvr.org .advertising.com .amazon-adsystem.com .amazon-adsystem.com .analytics.yahoo.com .aol.com .betrad.com .bidswitch.net .casalemedia.com .chartbeat.net .cnn.com .convertro.com .criteo.com .criteo.net .crwdcntrl.net .demdex.net .domdex.com .dotomi.com .doubleclick.net .doubleverify.com .emxdgt.com .exelator.com .google-analytics.com .googleadservices.com .googlesyndication.com .googletagmanager.com .googlevideo.com .gstatic.com .gvt1.com .gvt2.com .ib-ibi.com .jivox.com .mathtag.com .moatads.com .moatpixel.com .mookie1.com .myvisualiq.net .netmng.com .nexac.com .nexac.com .openx.net .optimizely.com .outbrain.com .pardot.com .phx.gbl .pinterest.com .pubmatic.com .quantcount.com .quantserve.com .revsci.net .rfihub.net .rlcdn.com .rubiconproject.com .scdn.co .scorecardresearch.com .serving-sys.com .sharethrough.com .simpli.fi .sitescout.com .smartadserver.com .snapads.com .spotxchange.com .taboola.com .taboola.map.fastly.net .tapad.com .tidaltv.com .trafficmanager.net .tremorhub.com .tribalfusion.com .turn.com .twimg.com .tynt.com .w55c.net .ytimg.com .zorosrv.com ads.yahoo.com 1rx.io adservice.google.com ampcid.google.com clientservices.googleapis.com d29x207vrinatv.cloudfront.net googleadapis.l.google.com imasdk.googleapis.com l.google.com ml314.com mtalk.google.com update.googleapis.com www.googletagservices.com .pscp.tv adsniper.ru cdnvideo.ru chat.minergate.com cwsa.minergate.com forum.minergate.com leadlab.click mc.yandex.ru pool.ntp.org vmg.host yandex.ru .adobe.com .autodesk.com .avast.com .avcdn.net .cdn.bitdefender.net .digicert.com .eset.com .globalsign.com .globalsign.net .intuit.com .java.com .macromedia.com .oracle.com .quickbooks.com .usertrust.com amazontrust.com ocsp.identrust.com pki.goog ads.playground.xyz citrixupdates.cloud.com forticlient.fortinet.net mft10.onbaseonline.com msocsp.com ocsp.comodoca.com ocsp.cybertrust.ne.jp ocsp.entrust.net ocsp.entrust.net ocsp.godaddy.com ocsp.int-x3.letsencrypt.org ocsp.intel.com ocsp.msocsp.com ocsp.quovadisglobal.com ocsp.quovadisoffshore.com ocsp.sectigo.com ocsp.starfieldtech.com ocsp.thawte.com ocsp.trustwave.com ocsp.verisign.com pki-goog.l.google.com pki.intel.com scrootca1.ocsp.secomtrust.net scrootca2.ocsp.secomtrust.net stats.anchor.host status.rapidssl.com status.thawte.com ts-ocsp.ws.symantec.com upgrade.bitdefender.com .;>;unknown;anonymous C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Symantec\ C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Symantec\ \BHO\ie_to_edge_stub.exe;\Microsoft\Teams\;\Vivaldi\Application\;Google\Chrome\;Google\Update;BraveSoftware\Brave-Browser\;Edge\Application\;EdgeUpdate\Install\;Program Files\SmartGit\ \appdata\local\google\chrome\user data\swreporter\;software_reporter_tool.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe NETWORK SERVICE; LOCAL SERVICE C:\Users\ \Downloads C:\Users\ Content.Outlook .exe .dll .sys .ocx .scr .cpl .efi .drv .ax .com .acm .mui .ime .tsp .tmp .ico C:\Windows\system32\MpSigStub.exe powershell.exe;powershell_ise.exe;pwsh.exe;Sqlps.exe cmd.exe;conhost.exe C:\Users\Public\ C:\Perflogs\ C:\Windows\Fonts\ C:\Windows\debug\ C:\Windows\Tasks\ C:\Windows\tracing\ C:\Windows\Help\ C:\Windows\Logs\ C:\Windows\System32\spool\SERVERS\ C:\Windows\System32\spool\PRINTERS\ C:\Windows\Help\ C:\Windows\SysWOW64\Tasks C:\ProgramData\Intel C:\ProgramData\Mozilla C:\ProgramData\chocolatey\ C:\ProgramData\Microsoft\DeviceSync C:\ProgramData\Microsoft\PlayReady C:\ProgramData\Microsoft\User Account Pictures C:\ProgramData\Microsoft\Office\Heartbeat C:\ProgramData\Microsoft\Windows\WER C:\Users\All Users\ C:\Users\;\Music\ C:\Users\;\Pictures\ C:\Users\;\Videos\ C:\Users\;\Contacts\ .7z.exe .doc.exe .docm.exe .docx.exe .htm.exe .html.exe .iso.exe .lnk.exe .pdf.exe .ppt.exe .pptx.exe .rar.exe .rtf.exe .txt.exe .xls.exe .xlsm.exe .xlsx.exe .zip.exe \EntenLoader.exe \SysmonQuiet.exe \SharpEvtMute.exe \EvtMuteHook.dll \SysmonEOP.exe IMPHASH=BCCA3C247B619DCD13C8CDFF5F123932 IMPHASH=3A19059BD7688CB88E70005F18EFC439 IMPHASH=bf6223a49e45d99094406777eb6004ba IMPHASH=0C106686A31BFE2BA931AE1CF6E9DBC6 IMPHASH=0D1447D4B3259B3C2A1D4CFB7ECE13C3 IMPHASH=1B0369A1E06271833F78FFA70FFB4EAF IMPHASH=4C1B52A19748428E51B14C278D0F58E3 IMPHASH=4D927A711F77D62CEBD4F322CB57EC6F IMPHASH=66EE036DF5FC1004D9ED5E9A94A1086A IMPHASH=672B13F4A0B6F27D29065123FE882DFC IMPHASH=6BBD59CEA665C4AFCC2814C1327EC91F IMPHASH=725BB81DC24214F6ECACC0CFB36AD30D IMPHASH=9528A0E91E28FBB88AD433FEABCA2456 IMPHASH=9DA6D5D77BE11712527DCAB86DF449A3 IMPHASH=A6E01BC1AB89F8D91D9EAB72032AAE88 IMPHASH=B24C5EDDAEA4FE50C6A96A2A133521E4 IMPHASH=D21BBC50DCC169D7B4D0F01962793154 IMPHASH=FCC251CCEAE90D22C392215CC9A2D5D6 IMPHASH=23867A89C2B8FC733BE6CF5EF902F2D1 IMPHASH=A37FF327F8D48E8A4D2F757E1B6E70BC IMPHASH=F9A28C458284584A93B14216308D31BD IMPHASH=6118619783FC175BC7EBECFF0769B46E IMPHASH=959A83047E80AB68B368FDB3F4C6E4EA IMPHASH=563233BFA169ACC7892451F71AD5850A IMPHASH=87575CB7A0E0700EB37F2E3668671A08 IMPHASH=13F08707F759AF6003837A150A371BA1 IMPHASH=1781F06048A7E58B323F0B9259BE798B IMPHASH=233F85F2D4BC9D6521A6CAAE11A1E7F5 IMPHASH=24AF2584CBF4D60BBE5C6D1B31B3BE6D IMPHASH=632969DDF6DBF4E0F53424B75E4B91F2 IMPHASH=713C29B396B907ED71A72482759ED757 IMPHASH=749A7BB1F0B4C4455949C0B2BF7F9E9F IMPHASH=8628B2608957A6B0C6330AC3DE28CE2E IMPHASH=8B114550386E31895DFAB371E741123D IMPHASH=94CB940A1A6B65BED4D5A8F849CE9793 IMPHASH=9D68781980370E00E0BD939EE5E6C141 IMPHASH=B18A1401FF8F444056D29450FBC0A6CE IMPHASH=CB567F9498452721D77A451374955F5F IMPHASH=730073214094CD328547BF1F72289752 IMPHASH=17B461A082950FC6332228572138B80C IMPHASH=DC25EE78E2EF4D36FAA0BADF1E7461C9 IMPHASH=819B19D53CA6736448F9325A85736792 IMPHASH=829DA329CE140D873B4A8BDE2CBFAA7E IMPHASH=C547F2E66061A8DFFB6F5A3FF63C0A74 IMPHASH=0588081AB0E63BA785938467E1B10CCA IMPHASH=0D9EC08BAC6C07D9987DFD0F1506587C IMPHASH=BC129092B71C89B4D4C8CDF8EA590B29 IMPHASH=4DA924CF622D039D58BCE71CDF05D242 IMPHASH=E7A3A5C377E2D29324093377D7DB1C66 IMPHASH=9A9DBEC5C62F0380B4FA5FD31DEFFEDF IMPHASH=AF8A3976AD71E5D5FDFB67DDB8DADFCE IMPHASH=0C477898BBF137BBD6F2A54E3B805FF4 IMPHASH=0CA9F02B537BCEA20D4EA5EB1A9FE338 IMPHASH=3AB3655E5A14D4EEFC547F4781BF7F9E IMPHASH=E6F9D5152DA699934B30DAAB206471F6 IMPHASH=3AD59991CCF1D67339B319B15A41B35D IMPHASH=FFDD59E0318B85A3E480874D9796D872 IMPHASH=0CF479628D7CC1EA25EC7998A92F5051 IMPHASH=07A2D4DCBD6CB2C6A45E6B101F0B6D51 IMPHASH=D6D0F80386E1380D05CB78E871BC72B1 IMPHASH=38D9E015591BBFD4929E0D0F47FA0055 IMPHASH=0E2216679CA6E1094D63322E3412D650 IMPHASH=ADA161BF41B8E5E9132858CB54CAB5FB IMPHASH=2A1BC4913CD5ECB0434DF07CB675B798 IMPHASH=11083E75553BAAE21DC89CE8F9A195E4 IMPHASH=A23D29C9E566F2FA8FFBB79267F5DF80 IMPHASH=4A07F944A83E8A7C2525EFA35DD30E2F IMPHASH=767637C23BB42CD5D7397CF58B0BE688 IMPHASH=14C4E4C72BA075E9069EE67F39188AD8 IMPHASH=3C782813D4AFCE07BBFC5A9772ACDBDC IMPHASH=7D010C6BB6A3726F327F7E239166D127 IMPHASH=89159BA4DD04E4CE5559F132A9964EB3 IMPHASH=6F33F4A5FC42B8CEC7314947BD13F30F IMPHASH=5834ED4291BDEB928270428EBBAF7604 IMPHASH=5A8A8A43F25485E7EE1B201EDCBC7A38 IMPHASH=DC7D30B90B2D8ABF664FBED2B1B59894 IMPHASH=41923EA1F824FE63EA5BEB84DB7A3E74 IMPHASH=3DE09703C8E79ED2CA3F01074719906B IMPHASH=A53A02B997935FD8EEDCB5F7ABAB9B9F IMPHASH=E96A73C7BF33A464C510EDE582318BF2 IMPHASH=32089B8851BBF8BC2D014E9F37288C83 IMPHASH=09D278F9DE118EF09163C6140255C690 IMPHASH=03866661686829d806989e2fc5a72606 IMPHASH=e57401fbdadcd4571ff385ab82bd5d6d IMPHASH=84B763C45C0E4A3E7CA5548C710DB4EE IMPHASH=19584675D94829987952432E018D5056 IMPHASH=330768A4F172E10ACB6287B87289D83B IMPHASH=885C99CCFBE77D1CBFCB9C4E7C1A3313 IMPHASH=22A22BC9E4E0D2F189F1EA01748816AC IMPHASH=7FA30E6BB7E8E8A69155636E50BF1B28 IMPHASH=96DF3A3731912449521F6F8D183279B1 IMPHASH=7E6CF3FF4576581271AC8A313B2AAB46 IMPHASH=51791678F351C03A0EB4E2A7B05C6E17 IMPHASH=25CE42B079282632708FC846129E98A5 MD5=7B17F15713FCF13C764535AA2BDF52AA SHA1=4E18320493042BCD7D21B53E258974BC460ACC78 SHA256=477DFE485F5BD9540CC83E88FC04AAFB6DE49CF1ADC6BD857D5D6F4C1730A6D1 winword.exe excel.exe powerpnt.exe msaccess.exe mspub.exe eqnedt32.exe visio.exe wordpad.exe wordview.exe msohtmed.exe onenote.exe onenotem.exe onenoteim.exe certutil.exe certoc.exe CertReq.exe Desktopimgdownldr.exe esentutl.exe finger.exe notepad.exe AcroRd32.exe RdrCEF.exe calc.exe mspaint.exe hh.exe control.exe CMSTP.exe installutil.exe mshta.exe msiexec.exe Odbcconf.exe Regsvcs.exe;Regasm.exe regsvr32.exe Rundll32.exe Verclsid.exe mavinject.exe;mavinject64.exe mmc.exe Appvlp.exe;InfDefaultInstall.EXE;PresentationHost.exe;Register-cimprovider.exe;RegisterCimProvider2.exe;RegisterCimProvider.exe;ScriptRunner.exe;appcmd.exe;csi.exe;devtoolslauncher.exe;diskshadow.exe;extexport.exe;jjs.exe;msconfig.EXE;msdt.exe;rasautou.exe;rasdlui.exe;replace.exe;tttracer.exe;wab.exe;wsreset.exe SHA256=7ad0ab23023bc500c3b46f414a8b363c5f8700861bc4745cecc14dd34bcee9ed SHA256=0aafa9f47acf69d46c9542985994ff5321f00842a28df2396d4a3076776a83cb SHA256=0ae8d1dd56a8a000ced74a627052933d2e9bff31d251de185b3c0c5fc94a44db SHA256=0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05 SHA256=0b2ad05939b0aabbdc011082fad7960baa0c459ec16a2b29f37c1fa31795a46d SHA256=0b542e47248611a1895018ec4f4033ea53464f259c74eb014d018b19ad818917 SHA256=0bc3685b0b8adc97931b5d31348da235cd7581a67edf6d79913e6a5709866135 SHA256=0be4912bfd7a79f6ebfa1c06a59f0fb402bd4fe0158265780509edd0e562eac1 SHA256=0c512b615eac374d4d494e3c36838d8e788b3dc2691bf27916f7f42694b14467 SHA256=0cd4ca335155062182608cad9ef5c8351a715bce92049719dd09c76422cd7b0c SHA256=0ce40a2cdd3f45c7632b858e8089ddfdd12d9acb286f2015a4b1b0c0346a572c SHA256=0cf6c6c2d231eaf67dfc87561cc9a56ecef89ab50baafee5a67962748d51faf3 SHA256=0d3790af5f8e5c945410929e31d06144a471ac82f828afe89a4758a5bbeb7f9f SHA256=0da746e49fd662be910d0e366934a7e02898714eaaa577e261ab40eb44222b5c SHA256=0de4247e72d378713bcf22d5c5d3874d079203bb4364e25f67a90d5570bdcce8 SHA256=0e53b58415fa68552928622118d5b8a3a851b2fc512709a90b63ba46acda8b6b SHA256=0ebaef662b14410c198395b13347e1d175334ec67919709ad37d65eba013adff SHA256=0ee5067ce48883701824c5b1ad91695998916a3702cf8086962fbe58af74b2d6 SHA256=0f016c80c4938fbcd47a47409969b3925f54292eba2ce01a8e45222ce8615eb8 SHA256=0f17e5cfc5bdd74aff91bfb1a836071345ba2b5d1b47b0d5bf8e7e0d4d5e2dbf SHA256=0f035948848432bc243704041739e49b528f35c82a5be922d9e3b8a4c44398ff SHA256=0fd2df82341bf5ebb8a53682e60d08978100c01acb0bed7b6ce2876ada80f670 SHA256=01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd SHA256=01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece SHA256=1a4f7d7926efc3e3488758ce318246ea78a061bde759ec6c906ff005dd8213e5 SHA256=1a42ebde59e8f63804eaa404f79ee93a16bb33d27fb158c6bfbe6143226899a0 SHA256=1aaa9aef39cb3c0a854ecb4ca7d3b213458f302025e0ec5bfbdef973cca9111c SHA256=1aaf4c1e3cb6774857e2eef27c17e68dc1ae577112e4769665f516c2e8c4e27b SHA256=1afa03118f87b62c59a97617e595ebb26dde8dbdd16ee47ef3ddd1097c30ef6a SHA256=1b00d6e5d40b1b84ca63da0e99246574cdd2a533122bc83746f06c0d66e63a6e SHA256=1b7fb154a7b7903a3c81f12f4b094f24a3c60a6a8cffca894c67c264ab7545fa SHA256=1c8dfa14888bb58848b4792fb1d8a921976a9463be8334cff45cc96f1276049a SHA256=1c1251784e6f61525d0082882a969cb8a0c5d5359be22f5a73e3b0cd38b51687 SHA256=1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8 SHA256=1ddfe4756f5db9fb319d6c6da9c41c588a729d9e7817190b027b38e9c076d219 SHA256=1e0eb0811a7cf1bdaf29d3d2cab373ca51eb8d8b58889ab7728e2d3aed244abe SHA256=1e8b0c1966e566a523d652e00f7727d8b0663f1dfdce3b9a09b9adfaef48d8ee SHA256=1e16a01ef44e4c56e87abfbe03b2989b0391b172c3ec162783ad640be65ab961 SHA256=1ee59eb28688e73d10838c66e0d8e011c8df45b6b43a4ac5d0b75795ca3eb512 SHA256=1f4d4db4abe26e765a33afb2501ac134d14cadeaa74ae8a0fae420e4ecf58e0c SHA256=1f8168036d636aad1680dd0f577ef9532dbb2dad3591d63e752b0ba3ee6fd501 SHA256=2a6db9facf9e13d35c37dd468be04bae5f70c6127a9aee76daebddbdec95d486 SHA256=2a9d481ffdc5c1e2cb50cf078be32be06b21f6e2b38e90e008edfc8c4f2a9c4e SHA256=2a652de6b680d5ad92376ad323021850dab2c653abf06edf26120f7714b8e08a SHA256=2a6212f3b68a6f263e96420b3607b31cfdfe51afff516f3c87d27bf8a89721e8 SHA256=2aa1b08f47fbb1e2bd2e4a492f5d616968e703e1359a921f62b38b8e4662f0c4 SHA256=2afdb3278a7b57466a103024aef9ff7f41c73a19bab843a8ebf3d3c4d4e82b30 SHA256=2b4c7d3820fe08400a7791e2556132b902a9bbadc1942de57077ecb9d21bf47a SHA256=2b120de80a5462f8395cfb7153c86dfd44f29f0776ea156ec4a34fa64e5c4797 SHA256=2b186926ed815d87eaf72759a69095a11274f5d13c33b8cc2b8700a1f020be1d SHA256=2bbc6b9dd5e6d0327250b32305be20c89b19b56d33a096522ee33f22d8c82ff1 SHA256=2bbe65cbec3bb069e92233924f7ee1f95ffa16173fceb932c34f68d862781250 SHA256=2bf29a2df52110ed463d51376562afceac0e80fbb1033284cf50edd86c406b14 SHA256=2ce81759bfa236913bbbb9b2cbc093140b099486fd002910b18e2c6e31fdc4f1 SHA256=2d2c7ee9547738a8a676ab785c151e8b48ed40fe7cf6174650814c7f5f58513b SHA256=2d83ccb1ad9839c9f5b3f10b1f856177df1594c66cbbc7661677d4b462ebf44d SHA256=2d195cd4400754cc6f6c3f8ab1fe31627932c3c1bf8d5d0507c292232d1a2396 SHA256=2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e SHA256=2e6b339597a89e875f175023ed952aaac64e9d20d457bbc07acf1586e7fe2df8 SHA256=2e665962c827ce0adbd29fe6bcf09bbb1d7a7022075d162ff9b65d0af9794ac0 SHA256=2ef7df384e93951893b65500dac6ee09da6b8fe9128326caad41b8be4da49a1e SHA256=2f60536b25ba8c9014e4a57d7a9a681bd3189fa414eea88c256d029750e15cae SHA256=2fbbc276737047cb9b3ba5396756d28c1737342d89dce1b64c23a9c4513ae445 SHA256=03e0581432f5c8cc727a8aa387f5b69ff84d38d0df6f1226c19c6e960a81e1e9 SHA256=3a5ec83fe670e5e23aef3afa0a7241053f5b6be5e6ca01766d6b5f9177183c25 SHA256=3a65d14fd3b1b5981084cdbd293dc6f4558911ea18dd80177d1e5b54d85bcaa0 SHA256=3a95cc82173032b82a0ffc7d2e438df64c13bc16b4574214c9fe3be37250925e SHA256=3ac5e01689a3d745e60925bc7faca8d4306ae693e803b5e19c94906dc30add46 SHA256=3b6e85c8fed9e39b21b2eab0b69bc464272b2c92961510c36e2e2df7aa39861b SHA256=3c5d7069f85ec1d6f58147431f88c4d7c48df73baf94ffdefd664f2606baf09c SHA256=3c6f9917418e991ed41540d8d882c8ca51d582a82fd01bff6cdf26591454faf5 SHA256=3c7e5b25a33a7805c999d318a9523fcae46695a89f55bbdb8bb9087360323dfc SHA256=3c18ae965fba56d09a65770b4d8da54ccd7801f979d3ebd283397bc99646004b SHA256=3c4207c90c97733fae2a08679d63fbbe94dfcf96fdfdf88406aa7ab3f80ea78f SHA256=3cb75429944e60f6c820c7638adbf688883ad44951bca3f8912428afe72bc134 SHA256=3d9e83b189fcf5c3541c62d1f54a0da0a4e5b62c3243d2989afc46644056c8e3 SHA256=3d23bdbaf9905259d858df5bf991eb23d2dc9f4ecda7f9f77839691acef1b8c4 SHA256=3e1d47a497babbfd1c83905777b517ec87c65742bee7eb57a2273eca825d2272 SHA256=3e07bb866d329a2f9aaa4802bad04fdac9163de9bf9cfa1d035f5ca610b4b9bf SHA256=3e9b62d2ea2be50a2da670746c4dbe807db9601980af3a1014bcd72d0248d84c SHA256=3e274df646f191d2705c0beaa35eeea84808593c3b333809f13632782e27ad75 SHA256=3ec5ad51e6879464dfbccb9f4ed76c6325056a42548d5994ba869da9c4c039a8 SHA256=3f2fda9a7a9c57b7138687bbce49a2e156d6095dddabb3454ea09737e02c3fa5 SHA256=3f9530c94b689f39cc83377d76979d443275012e022782a600dcb5cad4cca6aa SHA256=3fa6379951f08ed3cb87eeba9cf0c5f5e1d0317dcfcf003b810df9d795eeb73e SHA256=3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 SHA256=3ff39728f1c11d1108f65ec5eb3d722fd1a1279c530d79712e0d32b34880baaa SHA256=04a85e359525d662338cae86c1e59b1d7aa9bd12b920e8067503723dc1e03162 SHA256=4a3d4db86f580b1680d6454baee1c1a139e2dde7d55e972ba7c92ec3f555dce2 SHA256=4a9093e8dbcb867e1b97a0a67ce99a8511900658f5201c34ffb8035881f2dbbe SHA256=4ab41816abbf14d59e75b7fad49e2cb1c1feb27a3cb27402297a2a4793ff9da7 SHA256=4b4c925c3b8285aeeab9b954e8b2a0773b4d2d0e18d07d4a9d268f4be90f6cae SHA256=4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1 SHA256=4bc0921ffd4acc865525d3faf98961e8decc5aec4974552cbbf2ae8d5a569de4 SHA256=4cff6e53430b81ecc4fae453e59a0353bcfe73dd5780abfc35f299c16a97998e SHA256=4d19ee789e101e5a76834fb411aadf8229f08b3ece671343ad57a6576a525036 SHA256=4d0580c20c1ba74cf90d44c82d040f0039542eea96e4bbff3996e6760f457cee SHA256=4da08c0681fbe028b60a1eaf5cb8890bd3eba4d0e6a8b976495ddcd315e147ba SHA256=4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80 SHA256=4e37592a2a415f520438330c32cfbdbd6af594deef5290b2fa4b9722b898ff69 SHA256=05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748 SHA256=5a826b4fa10891cf63aae832fc645ce680a483b915c608ca26cedbb173b1b80a SHA256=5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a SHA256=5b3705b47dc15f2b61ca3821b883b9cd114d83fcc3344d11eb1d3df495d75abe SHA256=5b9623da9ba8e5c80c49473f40ffe7ad315dcadffc3230afdc9d9226d60a715a SHA256=5bd41a29cbba0d24e639f49d1f201b9bd119b11f5e3b8a5fefa3a5c6f1e7692c SHA256=5c0b429e5935814457934fa9c10ac7a88e19068fa1bd152879e4e9b89c103921 SHA256=5c04c274a708c9a7d993e33be3ea9e6119dc29527a767410dbaf93996f87369a SHA256=5cfad3d473961763306d72c12bd5ae14183a1a5778325c9acacca764b79ca185 SHA256=5d530e111400785d183057113d70623e17af32931668ab7c7fc826f0fd4f91a3 SHA256=5ee292b605cd3751a24e5949aae615d472a3c72688632c3040dc311055b75a92 SHA256=5f5e5f1c93d961985624768b7c676d488c7c7c1d4c043f6fc1ea1904fefb75be SHA256=5f7e47d728ac3301eb47b409801a0f4726a435f78f1ed02c30d2a926259c71f3 SHA256=5f69d6b167a1eeca3f6ac64785c3c01976ee7303171faf998d65852056988683 SHA256=5f6547e9823f94c5b94af1fb69a967c4902f72b6e0c783804835e6ce27f887b0 SHA256=5f20541f859f21b3106e12d37182b1ea39bb75ffcfcddb2ece4f6edd42c0bab2 SHA256=5f487829527802983d5c120e3b99f3cf89333ca14f5e49ac32df0798cfb1f7aa SHA256=5fad3775feb8b6f6dcbd1642ae6b6a565ff7b64eadfc9bf9777918b51696ab36 SHA256=06bda5a1594f7121acd2efe38ccb617fbc078bb9a70b665a5f5efd70e3013f50 SHA256=6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5 SHA256=6b830ea0db6546a044c9900d3f335e7820c2a80e147b0751641899d1a5aa8f74 SHA256=6befa481e8cca8084d9ec3a1925782cd3c28ef7a3e4384e034d48deaabb96b63 SHA256=6bfc0f425de9f4e7480aa2d1f2e08892d0553ed0df1c31e9bf3d8d702f38fa2e SHA256=6c7120e40fc850e4715058b233f5ad4527d1084a909114fd6a36b7b7573c4a44 SHA256=6c64688444d3e004da77dcfb769d064bb38afceeef7ff915dfc71e60e19ff18a SHA256=6cb6e23ba516570bbd158c32f7c7c99f19b24ca4437340ecb39253662afe4293 SHA256=6cb51ae871fbd5d07c5aad6ff8eea43d34063089528603ca9ceb8b4f52f68ddc SHA256=6de84caa2ca18673e01b91af58220c60aecd5cccf269725ec3c7f226b2167492 SHA256=6e0aa67cfdbe27a059cbd066443337f81c5b6d37444d14792d1c765d9d122dcf SHA256=6e944ae1bfe43a8a7cd2ea65e518a30172ce8f31223bdfd39701b2cb41d8a9e7 SHA256=6ed35f310c96920a271c59a097b382da07856e40179c2a4239f8daa04eef38e7 SHA256=6f1fc8287dd8d724972d7a165683f2b2ad6837e16f09fe292714e8e38ecd1e38 SHA256=6f1ff29e2e710f6d064dc74e8e011331d807c32cc2a622cbe507fd4b4d43f8f4 SHA256=6f55c148bb27c14408cf0f16f344abcd63539174ac855e510a42d78cfaec451c SHA256=6fb5bc9c51f6872de116c7db8a2134461743908efc306373f6de59a0646c4f5d SHA256=6ffdde6bc6784c13c601442e47157062941c47015891e7139c2aaba676ab59cc SHA256=07b6d69bafcfd767f1b63a490a8843c3bb1f8e1bbea56176109b5743c8f7d357 SHA256=7a48f92a9c2d95a72e18055cac28c1e7e6cad5f47aa735cbea5c3b82813ccfaf SHA256=7aaf2aa194b936e48bc90f01ee854768c8383c0be50cfb41b346666aec0cf853 SHA256=7b0f442ac0bb183906700097d65aed0b4b9d8678f9a01aca864854189fe368e7 SHA256=7c731c0ea7f28671ab7787800db69739ea5cd6be16ea21045b4580cf95cbf73b SHA256=7cb497abc44aad09a38160d6a071db499e05ff5871802ccc45d565d242026ee7 SHA256=7cb594af6a3655daebc9fad9c8abf2417b00ba31dcd118707824e5316fc0cc21 SHA256=7cc9ba2df7b9ea6bb17ee342898edd7f54703b93b6ded6a819e83a7ee9f938b4 SHA256=7cfa5e10dff8a99a5d544b011f676bc383991274c693e21e3af40cf6982adb8c SHA256=7d8937c18d6e11a0952e53970a0934cf0e65515637ac24d6ca52ccf4b93d385f SHA256=7d43769b353d63093228a59eb19bba87ce6b552d7e1a99bf34a54eee641aa0ea SHA256=7da6113183328d4fddf6937c0c85ef65ba69bfe133b1146193a25bcf6ae1f9dd SHA256=7dfc2eb033d2e090540860b8853036f40736d02bd22099ff6cf665a90be659cd SHA256=7e3b0b8d3e430074109d85729201d7c34bc5b918c0bcb9f64ce88c5e37e1a456 SHA256=7e81beae78e1ddbf6c150e15667e1f18783f9b0ab7fbe52c7ab63e754135948d SHA256=7e0124fcc7c95fdc34408cf154cb41e654dade8b898c71ad587b2090b1da30d7 SHA256=7ec93f34eb323823eb199fbf8d06219086d517d0e8f4b9e348d7afd41ec9fd5d SHA256=7f5dc63e5742096e4accaca39ae77a2a2142b438c10f97860dee4054b51d3b35 SHA256=7f190f6e5ab0edafd63391506c2360230af4c2d56c45fc8996a168a1fc12d457 SHA256=7f375639a0df7fe51e5518cf87c3f513c55bc117db47d28da8c615642eb18bfa SHA256=08eb2d2aa25c5f0af4e72a7e0126735536f6c2c05e9c7437282171afe5e322c6 SHA256=8b92cdb91a2e2fab3881d54f5862e723826b759749f837a11c9e9d85d52095a2 SHA256=8bda0108de82ebeae82f43108046c5feb6f042e312fa0115475a9e32274fae59 SHA256=8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6 SHA256=8c748ae5dcc10614cc134064c99367d28f3131d1f1dda0c9c29e99279dc1bdd9 SHA256=8cb62c5d41148de416014f80bd1fd033fd4d2bd504cb05b90eeb6992a382d58f SHA256=8cf0cbbdc43f9b977f0fb79e0a0dd0e1adabe08a67d0f40d727c717c747de775 SHA256=8cfd5b2102fbc77018c7fe6019ec15f07da497f6d73c32a31f4ba07e67ec85d9 SHA256=8d57e416ea4bb855b78a2ff3c80de1dfbb5dc5ee9bfbdddb23e46bd8619287e2 SHA256=8e5aef7c66c0e92dfc037ee29ade1c8484b8d7fadebdcf521d2763b1d8215126 SHA256=8e88cb80328c3dbaa2752591692e74a2fae7e146d7d8aabc9b9ac9a6fe561e6c SHA256=8e6363a6393eb4234667c6f614b2072e33512866b3204f8395bbe01530d63f2f SHA256=8ef0ad86500094e8fa3d9e7d53163aa6feef67c09575c169873c494ed66f057f SHA256=8f68ca89910ebe9da3d02ec82d935de1814d79c44f36cd30ea02fa49ae488f00 SHA256=8f23313adb35782adb0ba97fefbfbb8bbc5fc40ae272e07f6d4629a5305a3fa2 SHA256=8fe9828bea83adc8b1429394db7a556a17f79846ad0bfb7f242084a5c96edf2a SHA256=09b0e07af8b17db1d896b78da4dd3f55db76738ee1f4ced083a97d737334a184 SHA256=09bedbf7a41e0f8dabe4f41d331db58373ce15b2e9204540873a1884f38bdde1 SHA256=9a1d66036b0868bbb1b2823209fedea61a301d5dd245f8e7d390bd31e52d663e SHA256=9a54ef5cfbe6db599322967ee2c84db7daabcb468be10a3ccfcaa0f64d9173c7 SHA256=9a91d6e83b8fdec536580f6617f10dfc64eedf14ead29a6a644eb154426622ba SHA256=9a95a70f68144980f2d684e96c79bdc93ebca1587f46afae6962478631e85d0c SHA256=9a523854fe84f15efc1635d7f5d3e71812c45d6a4d2c99c29fdc4b4d9c84954c SHA256=9b1ac756e35f795dd91adbc841e78db23cb7165280f8d4a01df663128b66d194 SHA256=9b2f051ac901ab47d0012a1002cb8b2db28c14e9480c0dd55e1ac11c81ba9285 SHA256=9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4 SHA256=9c10e2ec4f9ef591415f9a784b93dc9c9cdafa7c69602c0dc860c5b62222e449 SHA256=9d5ebd0f4585ec20a5fe3c5276df13ece5a2645d3d6f70cedcda979bd1248fc2 SHA256=9d58f640c7295952b71bdcb456cae37213baccdcd3032c1e3aeb54e79081f395 SHA256=9dab4b6fddc8e1ec0a186aa8382b184a5d52cfcabaaf04ff9e3767021eb09cf4 SHA256=9ee33ffd80611a13779df6286c1e04d3c151f1e2f65e3d664a08997fcd098ef3 SHA256=9f4ce6ab5e8d44f355426d9a6ab79833709f39b300733b5b251a0766e895e0e5 SHA256=9f1229cd8dd9092c27a01f5d56e3c0d59c2bb9f0139abf042e56f343637fda33 SHA256=9f1025601d17945c3a47026814bdec353ee363966e62dba7fe2673da5ce50def SHA256=9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374 SHA256=11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 SHA256=11d258e05b850dcc9ecfacccc9486e54bd928aaa3d5e9942696c323fdbd3481b SHA256=12eda8b65ed8c1d80464a0c535ea099dffdb4981c134294cb0fa424efc85ee56 SHA256=14adbf0bc43414a7700e5403100cff7fc6ade50bebfab16a17acf2fdda5a9da8 SHA256=15c53eb3a0ea44bbd2901a45a6ebeae29bb123f9c1115c38dfb2cdbec0642229 SHA256=15fb486b6b8c2a2f1b067f48fba10c2f164638fe5e6cee618fb84463578ecac9 SHA256=16a2e578bc8683f17a175480fea4f53c838cfae965f1d4caa47eaf9e0b3415c1 SHA256=18deed37f60b6aa8634dda2565a0485452487d7bce88afb49301a7352db4e506 SHA256=18e1707b319c279c7e0204074088cc39286007a1cf6cb6e269d5067d8d0628c6 SHA256=19a212e6fc324f4cb9ee5eba60f5c1fc0191799a4432265cbeaa3307c76a7fc0 SHA256=19bf0d0f55d2ad33ef2d105520bde8fb4286f00e9d7a721e3c9587b9408a0775 SHA256=19d0fc91b70d7a719f7a28b4ad929f114bf1de94a4c7cba5ad821285a4485da0 SHA256=20f11a64bc4548f4edb47e3d3418da0f6d54a83158224b71662a6292bf45b5fb SHA256=21ccdd306b5183c00ecfd0475b3152e7d94b921e858e59b68a03e925d1715f21 SHA256=22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c SHA256=23ba19352b1e71a965260bf4d5120f0200709ee8657ed381043bec9a938a1ade SHA256=025e7be9fcefd6a83f4471bba0c11f1c11bd5047047d26626da24ee9a419cdc4 SHA256=26c28746e947389856543837aa59a5b1f4697e5721a04d00aa28151a2659b097 SHA256=26e3bfef255efd052a84c3c43994c73222b14c95db9a4b1fc2e98f1a5cb26e43 SHA256=26f41e4268be59f5de07552b51fa52d18d88be94f8895eb4a16de0f3940cf712 SHA256=27cd05527feb020084a4a76579c125458571da8843cdfc3733211760a11da970 SHA256=29a90ae1dcee66335ece4287a06482716530509912be863c85a2a03a6450a5b6 SHA256=29e0062a017a93b2f2f5207a608a96df4d554c5de976bd0276c2590a03bd3e94 SHA256=30abc0cc700fdebc74e62d574addc08f6227f9c7177d9eaa8cbc37d5c017c9bb SHA256=31d8fc6f5fb837d5eb29db828d13ba8ee11867d86a90b2c2483a578e1d0ec43a SHA256=31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427 SHA256=31f4140c12ac31f5729a8de4dc051d3acd07783564604df831a2a6722c979192 SHA256=32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351 SHA256=32e1a8513eee746d17eb5402fb9d8ff9507fb6e1238e7ff06f7a5c50ff3df993 SHA256=34bee22c18ddbddbe115cf1ab55cabf0e482aba1eb2c343153577fb24b7226d3 SHA256=34e0364a4952d914f23f271d36e11161fb6bb7b64aea22ff965a967825a4a4bf SHA256=36aafa127736c7226c50061ea065f71e14f64ec60321f705bc52686d24117e0d SHA256=36b9e31240ab0341873c7092b63e2e0f2cab2962ebf9b25271c3a1216b7669eb SHA256=36e3127f045ef1fa7426a3ff8c441092d3b66923d2b69826034e48306609e289 SHA256=37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9 SHA256=37dde6bd8a7a36111c3ac57e0ac20bbb93ce3374d0852bcacc9a2c8c8c30079e SHA256=38b3eb8c86201d26353aab625cea672e60c2f66ce6f5e5eda673e8c3478bf305 SHA256=38bb9751a3a1f072d518afe6921a66ee6d5cf6d25bc50af49e1925f20d75d4d7 SHA256=38c18db050b0b2b07f657c03db1c9595febae0319c746c3eede677e21cd238b0 SHA256=38d87b51f4b69ba2dae1477684a1415f1a3b578eee5e1126673b1beaefee9a20 SHA256=38fa0c663c8689048726666f1c5e019feaa9da8278f1df6ff62da33961891d2a SHA256=39cfde7d401efce4f550e0a9461f5fc4d71fa07235e1336e4f0b4882bd76550e SHA256=42e170a7ab1d2c160d60abfc906872f9cfd0c2ee169ed76f6acb3f83b3eeefdb SHA256=42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f SHA256=43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89 SHA256=45abdbcd4c0916b7d9faaf1cd08543a3a5178871074628e0126a6eda890d26e0 SHA256=45ba688a4bded8a7e78a4f5b0dc21004e951ddceb014bb92f51a3301d2fbc56a SHA256=45c3d607cb57a1714c1c604a25cbadf2779f4734855d0e43aa394073b6966b26 SHA256=45f42c5d874369d6be270ea27a5511efcca512aeac7977f83a51b7c4dee6b5ef SHA256=47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84 SHA256=47f0cdaa2359a63ad1389ef4a635f1f6eee1f63bdf6ef177f114bdcdadc2e005 SHA256=47f08f7d30d824a8f4bb8a98916401a37c0fd8502db308aba91fe3112b892dcc SHA256=49ed27460730b62403c1d2e4930573121ab0c86c442854bc0a62415ca445a810 SHA256=49f75746eebe14e5db11706b3e58accc62d4034d2f1c05c681ecef5d1ad933ba SHA256=50d5eaa168c077ce5b7f15b3f2c43bd2b86b07b1e926c1b332f8cb13bd2e0793 SHA256=50db5480d0392a7dd6ab5df98389dc24d1ed1e9c98c9c35964b19dabcd6dc67f SHA256=51e91dd108d974ae809e5fc23f6fbd16e13f672f86aa594dae4a5c4bc629b0b5 SHA256=53eaefba7e7dca9ab74e385abf18762f9f1aa51594e7f7db5ba612d6c787dd7e SHA256=55a1535e173c998fbbc978009b02d36ca0c737340d84ac2a8da73dfc2f450ef9 SHA256=55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a SHA256=56a3c9ac137d862a85b4004f043d46542a1b61c6acb438098a9640469e2d80e7 SHA256=57a389da784269bb2cc0a258500f6dfbf4f6269276e1192619ce439ec77f4572 SHA256=58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495 SHA256=58c071cfe72e9ee867bba85cbd0abe72eb223d27978d6f0650d0103553839b59 SHA256=59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879 SHA256=60b163776e7b95e0c2280d04476304d0c943b484909131f340e3ce6045a49289 SHA256=60c6f4f34c7319cb3f9ca682e59d92711a05a2688badbae4891b1303cd384813 SHA256=61a1bdddd3c512e681818debb5bee94db701768fc25e674fcad46592a3259bd0 SHA256=61befeef14783eb0fed679fca179d2f5c33eb2dcbd40980669ca2ebeb3bf11cf SHA256=61d6e40601fa368800980801a662a5b3b36e3c23296e8ae1c85726a56ef18cc8 SHA256=62f5e13b2edc00128716cb93e6a9eddffea67ce83d2bb426f18f5be08ead89e0 SHA256=64f9e664bc6d4b8f5f68616dd50ae819c3e60452efd5e589d6604b9356841b57 SHA256=65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9 SHA256=65db1b259e305a52042e07e111f4fa4af16542c8bacd33655f753ef642228890 SHA256=69e3fda487a5ec2ec0f67b7d79a5a836ff0036497b2d1aec514c67d2efa789b2 SHA256=71fe5af0f1564dc187eea8d59c0fbc897712afa07d18316d2080330ba17cf009 SHA256=71ff60722231c7641ad593756108cf6779dbaad21c7b08065fb1d4e225eab14d SHA256=72b99147839bcfb062d29014ec09fe20a8f261748b5925b00171ef3cb849a4c1 SHA256=72c0d2d699d0440db17cb7cbbc06a253eaafd21465f14bb0fed8b85ae73153d1 SHA256=074ae477c8c7ae76c6f2b0bf77ac17935a8e8ee51b52155d2821d93ab30f3761 SHA256=74a846c61adc53692d3040aff4c1916f32987ad72b07fe226e9e7dbeff1036c4 SHA256=075de997497262a9d105afeadaaefc6348b25ce0e0126505c24aa9396c251e85 SHA256=76b86543ce05540048f954fed37bdda66360c4a3ddb8328213d5aef7a960c184 SHA256=76e807b6c0214e66455f09a8de8faad40b738982ca84470f0043de0290449524 SHA256=76fb4deaee57ef30e56c382c92abffe2cf616d08dbecb3368c8ee6b02e59f303 SHA256=077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 SHA256=77c5e95b872b1d815d6d3ed28b399ca39f3427eeb0143f49982120ff732285a9 SHA256=79e2d37632c417138970b4feba91b7e10c2ea251c5efe3d1fc6fa0190f176b57 SHA256=79e87b93fbed84ec09261b3a0145c935f7dfe4d4805edfb563b2f971a0d51463 SHA256=80a59ca71fc20961ccafc0686051e86ae4afbbd4578cb26ad4570b9207651085 SHA256=80cbba9f404df3e642f22c476664d63d7c229d45d34f5cd0e19c65eb41becec3 SHA256=80eeb8c2890f3535ed14f5881baf2f2226e6763be099d09fb8aadaba5b4474c1 SHA256=81aafae4c4158d0b9a6431aff0410745a0f6a43fb20a9ab316ffeb8c2e2ccac0 SHA256=082c39fe2e3217004206535e271ebd45c11eb072efde4cc9885b25ba5c39f91d SHA256=82fbcb371d53b8a76a25fbbafaae31147c0d1f6b9f26b3ea45262c2267386989 SHA256=83f7be0a13c1fccf024c31da5c68c0ea1decf4f48fc39d6e4fd324bbe789ae8a SHA256=84bf1d0bcdf175cfe8aea2973e0373015793d43907410ae97e2071b2c4b8e2d4 SHA256=84df20b1d9d87e305c92e5ffae21b10b325609d59d835a954dbd8750ef5dabf4 SHA256=86a1b1bacc0c51332c9979e6aad84b5fba335df6b9a096ccb7681ab0779a8882 SHA256=86a8e0aa29a5b52c84921188cc1f0eca9a7904dcfe09544602933d8377720219 SHA256=88df37ede18bea511f1782c1a6c4915690b29591cf2c1bf5f52201fbbb4fa2b9 SHA256=88e2e6a705d3fb71b966d9fb46dc5a4b015548daf585fb54dfcd81dc0bd3ebdc SHA256=89b0017bc30cc026e32b758c66a1af88bd54c6a78e11ec2908ff854e00ac46be SHA256=89b9823ed974a5b71de8468324d45b7e9d6dc914f93615ba86c6209b25b3cbf7 SHA256=092d04284fdeb6762e65e6ac5b813920d6c69a5e99d110769c5c1a78e11c5ba0 SHA256=93b266f38c3c3eaab475d81597abbd7cc07943035068bb6fd670dbbe15de0131 SHA256=93d873cdf23d5edc622b74f9544cac7fe247d7a68e1e2a7bf2879fad97a3ae63 SHA256=94be67c319a67de75ebed050d5537cfaa795d72bba52f3d8cf349e7bd075410e SHA256=95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3 SHA256=97b32ddf83f75637e3ba934df117081dd6a1c57d47a4c9700d35e736da11d5bd SHA256=98a123b314cba2de65f899cdbfa386532f178333389e0f0fbd544aff85be02eb SHA256=98b734dda78c16ebcaa4afeb31007926542b63b2f163b2f733fa0d00dbb344d8 SHA256=99f4994a0e5bd1bf6e3f637d3225c69ff4cd620557e23637533e7f18d7d6cba1 SHA256=119c48b79735fda0ecd973d77d9bdc6b329960caed09b38ab454236ca039d280 SHA256=131d5490ceb9a5b2324d8e927fea5becfc633015661de2f4c2f2375a3a3b64c6 SHA256=133e542842656197c5d22429bd56d57aa33c9522897fdf29853a6d321033c743 SHA256=146d77e80ca70ea5cb17bfc9a5cea92334f809cbdc87a51c2d10b8579a4b9c88 SHA256=159e7c5a12157af92e0d14a0d3ea116f91c09e21a9831486e6dc592c93c10980 SHA256=175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347 SHA256=221dfbc74bbb255b0879360ccc71a74b756b2e0f16e9386b38a9ce9d4e2e34f9 SHA256=263e8f1e20612849aea95272da85773f577fd962a7a6d525b53f43407aa7ad24 SHA256=0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5 SHA256=316a27e2bdb86222bc7c8af4e5472166b02aec7f3f526901ce939094e5861f6d SHA256=358ac54be252673841a1d65bfc2fb6d549c1a4c877fa7f5e1bfa188f30375d69 SHA256=362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc SHA256=399effe75d32bdab6fa0a6bffe02dbf0a59219d940b654837c3be1c0bd02e9aa SHA256=436ccab6f62fa2d29827916e054ade7acae485b3de1d3e5c6c62d3debf1480e7 SHA256=453be8f63cc6b116e2049659e081d896491cf1a426e3d5f029f98146a3f44233 SHA256=455bc98ba32adab8b47d2d89bdbadca4910f91c182ab2fc3211ba07d3784537b SHA256=0466dac557ee161503f5dfbd3549f81ec760c3d6c7c4363a21a03e7a3f66aca8 SHA256=475e5016c9c0f5a127896f9179a1b1577a67b357f399ab5a1e68aab07134729a SHA256=478d855b648ef4501d3b08b3b10e94076ac67546b0ce86b454324f1bf9a78aa0 SHA256=496f4a4021226fb0f1b5f71a7634c84114c29faa308746a12c2414adb6b2a40b SHA256=506f953bbb285aeb8af0549eb24f52f3b7af36afe740afa36735bac70573ce28 SHA256=523d1d43e896077f32cd9acaa8e85b513bfb7b013a625e56f0d4e9675d9822ba SHA256=525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd SHA256=552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9 SHA256=591bd5e92dfa0117b3daa29750e73e2db25baa717c31217539d30ffb1f7f3a52 SHA256=592f56b13e7dcaa285da64a0b9a48be7562bd9b0a190208b7c8b7d8de427cf6c SHA256=600a2119657973112025db3c0eeab2e69d528bccfeed75f40c6ef50b059ec8a0 SHA256=607dc4c75ac7aef82ae0616a453866b3b358c6cf5c8f9d29e4d37f844306b97c SHA256=626fae47811450d080d08c3d9fd890aa64bfecdc45eacd42a40850c1833c8763 SHA256=654c5ba47f74008c8f49cbb97988017eec8c898adc3bb851bc6e1fdf9dcf54ad SHA256=673b63b67345773cd6d66f6adcf2c753e2d949232bff818d5bb6e05786538d92 SHA256=673bcec3d53fab5efd6e3bac25ac9d6cc51f6bbdf8336e38aade2713dc1ae11b SHA256=677c0b1add3990fad51f492553d3533115c50a242a919437ccb145943011d2bf SHA256=727e8ba66a8ff07bdc778eacb463b65f2d7167a6616ca2f259ea32571cacf8af SHA256=771a8d05f1af6214e0ef0886662be500ee910ab99f0154227067fddcfe08a3dd SHA256=818e396595d08d724666803cd29dac566dc7db23bf50e9919d04b33afa988c01 SHA256=823da894b2c73ffcd39e77366b6f1abf0ae9604d9b20140a54e6d55053aadeba SHA256=845f1e228de249fc1ddf8dc28c39d03e8ad328a6277b6502d3932e83b879a65a SHA256=862d0ff27bb086145a33b9261142838651b0d2e1403be321145e197600eb5015 SHA256=881bca6dc2dafe1ae18aeb59216af939a3ac37248c13ed42ad0e1048a3855461 SHA256=900dd68ccc72d73774a347b3290c4b6153ae496a81de722ebb043e2e99496f88 SHA256=904e0f7d485a98e8497d5ec6dd6e6e1cf0b8d8e067fb64a9e09790af3c8c9d5a SHA256=909de5f21837ea2b13fdc4e5763589e6bdedb903f7c04e1d0b08776639774880 SHA256=910aa4685c735d8c07662aa04fafec463185699ad1a0cd1967b892fc33ec6c3c SHA256=916c535957a3b8cbf3336b63b2260ea4055163a9e6b214f2a7005d6d36a4a677 SHA256=923ebbe8111e73d5b8ecc2db10f8ea2629a3264c3a535d01c3c118a3b4c91782 SHA256=927c2a580d51a598177fa54c65e9d2610f5f212f1b6cb2fbf2740b64368f010a SHA256=950a4c0c772021cee26011a92194f0e58d61588f77f2873aa0599dff52a160c9 SHA256=955dac77a0148e9f9ed744f5d341cb9c9118261e52fe622ac6213965f2bc4cad SHA256=984a77e5424c6d099051441005f2938ae92b31b5ad8f6521c6b001932862add7 SHA256=1023dcd4c80db19e9f82f95b1c5e1ddb60db7ac034848dd5cc1c78104a6350f4 SHA256=1078af0c70e03ac17c7b8aa5ee03593f5decfef2f536716646a4ded1e98c153c SHA256=1273b74c3c1553eaa92e844fbd51f716356cc19cf77c2c780d4899ec7738fbd1 SHA256=1766fd66f846d9a21e648d649ad35d1ff94f8ca17a40a9a738444d6b8e07aacb SHA256=1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52 SHA256=2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d SHA256=2101d5e80e92c55ecfd8c24fcf2202a206a4fd70195a1378f88c4cc04d336f22 SHA256=2121a2bb8ebbf2e6e82c782b6f3c6b7904f686aa495def25cf1cf52a42e16109 SHA256=2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6 SHA256=2470fd1b733314c9b0afa19fd39c5d19aa1b36db598b5ebbe93445caa545da5f SHA256=2594b3ef3675ca3a7b465b8ed4962e3251364bab13b12af00ebba7fa2211abb2 SHA256=3124b0411b8077605db2a9b7909d8240e0d554496600e2706e531c93c931e1b5 SHA256=3243aab18e273a9b9c4280a57aecef278e10bfff19abb260d7a7820e41739099 SHA256=3326e2d32bbabd69feb6024809afc56c7e39241ebe70a53728c77e80995422a5 SHA256=3384f4a892f7aa72c43280ff682d85c8e3936f37a68d978d307a9461149192de SHA256=3503ea284b6819f9cb43b3e94c0bb1bf5945ccb37be6a898387e215197a4792a SHA256=3724b39e97936bb20ada51c6119aded04530ed86f6b8d6b45fbfb2f3b9a4114b SHA256=3871e16758a1778907667f78589359734f7f62f9dc953ec558946dcdbe6951e3 SHA256=3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838 SHA256=4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca SHA256=4324f3d1e4007f6499a3d0f0102cd92ed9f554332bc0b633305cd7b957ff16c8 SHA256=4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b SHA256=4744df6ac02ff0a3f9ad0bf47b15854bbebb73c936dd02f7c79293a2828406f6 SHA256=4880f40f2e557cff38100620b9aa1a3a753cb693af16cd3d95841583edcb57a8 SHA256=4941c4298f4560fc1e59d0f16f84bab5c060793700b82be2fd7c63735f1657a8 SHA256=5027fce41ed60906a0e76b97c95c2a5a83d57a2d1cd42de232a21f26c0d58e48 SHA256=5177a3b7393fb5855b2ec0a45d4c91660b958ee077e76e5a7d0669f2e04bcf02 SHA256=5192ec4501d0fe0b1c8f7bf9b778f7524a7a70a26bbbb66e5dab8480f6fdbb8b SHA256=5351c81b4ec5a0d79c39d24bac7600d10eac30c13546fde43d23636b3f421e7c SHA256=6071db01b50c658cf78665c24f1d21f21b4a12d16bfcfaa6813bf6bbc4d0a1e8 SHA256=6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc SHA256=06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf SHA256=7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb SHA256=7133a461aeb03b4d69d43f3d26cd1a9e3ee01694e97a0645a3d8aa1a44c39129 SHA256=7236c8ff33c0e5cfa956778aa7303f1979f3bf709c361399fa1ce101b7e355b8 SHA256=7837cb350338c4958968d06b105466da6518f5bb522a6e70e87c0cad85128408 SHA256=7877c1b0e7429453b750218ca491c2825dae684ad9616642eff7b41715c70aca SHA256=8137ce22d0d0fc5ea5b174d6ad3506a4949506477b1325da2ccb76511f4c4f60 SHA256=8399e5afd8e3e97139dffb1a9fb00db2186321b427f164403282217cab067c38 SHA256=8688e43d94b41eeca2ed458b8fc0d02f74696a918e375ecd3842d8627e7a8f2b SHA256=8797d9afc7a6bb0933f100a8acbb5d0666ec691779d522ac66c66817155b1c0d SHA256=09043c51719d4bf6405c9a7a292bb9bb3bcc782f639b708ddcc4eedb5e5c9ce9 SHA256=9254f012009d55f555418ff85f7d93b184ab7cb0e37aecdfdab62cfe94dea96b SHA256=9529efb1837b1005e5e8f477773752078e0a46500c748bc30c9b5084d04082e6 SHA256=9790a7b9d624b2b18768bb655dda4a05a9929633cef0b1521e79e40d7de0a05b SHA256=17687cba00ec2c9036dd3cb5430aa1f4851e64990dafb4c8f06d88de5283d6ca SHA256=17927b93b2d6ab4271c158f039cae2d60591d6a14458f5a5690aec86f5d54229 SHA256=18712a063574bfec315d58577dfe413ab45b650e54747d1e18a56c3c7337a12c SHA256=19696fb0db3fcae22f705ae1eb1e9f1151c823f3ff5d8857e90f2a4a6fdc5758 SHA256=26453afb1f808f64bec87a2532a9361b696c0ed501d6b973a1f1b5ae152a4d40 SHA256=28999af32b55ddb7dcfc26376a244aa2fe297233ce7abe4919a1aef2f7e2cee7 SHA256=30706f110725199e338e9cc1c940d9a644d19a14f0eb8847712cba4cacda67ab SHA256=37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba SHA256=40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 SHA256=42579a759f3f95f20a2c51d5ac2047a2662a2675b3fb9f46c1ed7f23393a0f00 SHA256=42851a01469ba97cdc38939b10cf9ea13237aa1f6c37b1ac84904c5a12a81fa0 SHA256=49329fa09f584d1960b09c1b15df18c0bc1c4fdb90bf48b6b5703e872040b668 SHA256=54841d9f89e195196e65aa881834804fe3678f1cf6b328cab8703edd15e3ec57 SHA256=59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347 SHA256=65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd SHA256=67734c7c0130dd66c964f76965f09a2290da4b14c94412c0056046e700654bdc SHA256=70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4 SHA256=72288d4978ee87ea6c8b1566dbd906107357087cef7364fb3dd1e1896d00baeb SHA256=72322fa8bba20df6966acbcf41e83747893fd173cd29de99b5ad1a5d3bf8f2de SHA256=76614f2e372f33100a8d92bf372cdbc1e183930ca747eed0b0cf2501293b990a SHA256=76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22 SHA256=77950e2a40ac0447ae7ee1ee3ef1242ce22796a157074e6f04e345b1956e143c SHA256=78827fa00ea48d96ac9af8d1c1e317d02ce11793e7f7f6e4c7aac7b5d7dd490f SHA256=81939e5c12bd627ff268e9887d6fb57e95e6049f28921f3437898757e7f21469 SHA256=85866e8c25d82c1ec91d7a8076c7d073cccf421cf57d9c83d80d63943a4edd94 SHA256=86721ee8161096348ed3dbe1ccbf933ae004c315b1691745a8af4a0df9fed675 SHA256=89108a15f009b285db4ef94250b889d5b11b96b4aa7b190784a6d1396e893e10 SHA256=092349aebdac28294dbad1656759d8461f362d1a36b01054dccf861d97beadf0 SHA256=94911fe6f2aba9683b10353094caf71ee4a882de63b4620797629d79f18feec5 SHA256=101402d4f5d1ae413ded499c78a5fcbbc7e3bae9b000d64c1dd64e3c48c37558 SHA256=238046cfe126a1f8ab96d8b62f6aa5ec97bab830e2bae5b1b6ab2d31894c79e4 SHA256=258359a7fa3d975620c9810dab3a6493972876a024135feaf3ac8482179b2e79 SHA256=314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073 SHA256=385485e643aa611e97ceae6590c6a8c47155886123dbb9de1e704d0d1624d039 SHA256=405472a8f9400a54bb29d03b436ccd58cfd6442fe686f6d2ed4f63f002854659 SHA256=440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c SHA256=509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6 SHA256=543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91 SHA256=000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b SHA256=708016fbe22c813a251098f8f992b177b476bd1bbc48c2ed4a122ff74910a965 SHA256=771015b2620942919bb2e0683476635b7a09db55216d6fbf03534cb18513b20c SHA256=810513b3f4c8d29afb46f71816350088caacf46f1be361af55b26f3fee4662c3 SHA256=841335eeb6af68dce5b8b24151776281a751b95056a894991b23afae80e9f33b SHA256=0909005d625866ef8ccd8ae8af5745a469f4f70561b644d6e38b80bccb53eb06 SHA256=952199c28332bc90cfd74530a77ee237967ed32b3c71322559c59f7a42187dc4 SHA256=2732050a7d836ae0bdc5c0aea4cdf8ce205618c3e7f613b8139c176e86476d0c SHA256=3279593db91bb7ad5b489a01808c645eafafda6cc9c39f50d10ccc30203f2ddf SHA256=3390919bb28d5c36cc348f9ef23be5fa49bfd81263eb7740826e4437cbe904cd SHA256=4422851a0a102f654e95d3b79c357ae3af1b096d7d1576663c027cfbc04abaf9 SHA256=7196187fb1ef8d108b380d37b2af8efdeb3ca1f6eefd37b5dc114c609147216d SHA256=7539157df91923d4575f7f57c8eb8b0fd87f064c919c1db85e73eebb2910b60c SHA256=7893307df2fdde25371645a924f0333e1b2de31b6bc839d8e2a908d7830c6504 SHA256=8939116df1d6c8fd0ebd14b2d37b3dec38a8820aa666ecd487bc1bb794f2a587 SHA256=9778136d2441439dc470861d15d96fa21dc9f16225232cd05b76791a5e0fde6f SHA256=16768203a471a19ebb541c942f45716e9f432985abbfbe6b4b7d61a798cea354 SHA256=18776682fcc0c6863147143759a8d4050a4115a8ede0136e49a7cf885c8a4805 SHA256=22418016e980e0a4a2d01ca210a17059916a4208352c1018b0079ccb19aaf86a SHA256=36505921af5a09175395ebaea29c72b2a69a3a9204384a767a5be8a721f31b10 SHA256=36875562e747136313ec5db58174e5fab870997a054ca8d3987d181599c7db6a SHA256=0040153302b88bee27eb4f1eca6855039e1a057370f5e8c615724fa5215bada3 SHA256=55963284bbd5a3297f39f12f0d8a01ed99fe59d008561e3537bcd4db4b4268fa SHA256=65008817eb97635826a8708a6411d7b50f762bab81304e457119d669382944c3 SHA256=65025741ecd0ef516da01319b42c2d96e13cb8d78de53fb7e39cd53ea6d58c75 SHA256=91314768da140999e682d2a290d48b78bb25a35525ea12c1b1f9634d14602b2c SHA256=478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82 SHA256=696679114f6a106ec94c21e2a33fe17af86368bcf9a796aaea37ea6e8748ad6a SHA256=910479467ef17b9591d8d42305e7f6f247ad41c60ec890a1ffbe331f495ed135 SHA256=8111085022bda87e5f6aa4c195e743cc6dd6a3a6d41add475d267dc6b105a69f SHA256=9679758455c69877fce866267d60c39d108b495dca183954e4af869902965b3d SHA256=46621554728bc55438c7c241137af401250f062edef6e7efecf1a6f0f6d0c1f7 SHA256=48891874441c6fa69e5518d98c53d83b723573e280c6c65ccfbde9039a6458c9 SHA256=6948480954137987a0be626c24cf594390960242cd75f094cd6aaa5c2e7a54fa SHA256=a2f45d95d54f4e110b577e621fefa0483fa0e3dcca14c500c298fb9209e491c1 SHA256=a3e507e713f11901017fc328186ae98e23de7cea5594687480229f77d45848d8 SHA256=a5a50449e2cc4d0dbc80496f757935ae38bf8a1bebdd6555a3495d8c219df2ad SHA256=a7b000abbcc344444a9b00cfade7aa22ab92ce0cadec196c30eb1851ae4fa062 SHA256=a7c2e7910942dd5e43e2f4eb159bcd2b4e71366e34a68109548b9fb12ac0f7cc SHA256=a7c8f4faf3cbb088cac7753d81f8ec4c38ccb97cd9da817741f49272e8d01200 SHA256=a56c2a2425eb3a4260cc7fc5c8d7bed7a3b4cd2af256185f24471c668853aee8 SHA256=a59c40e7470b7003e8adfee37c77606663e78d7e3f2ebb8d60910af19924d8df SHA256=a334bdf0c0ab07803380eb6ef83eefe7c147d6962595dd9c943a6a76f2200b0d SHA256=a566af57d88f37fa033e64b1d8abbd3ffdacaba260475fbbc8dab846a824eff5 SHA256=a899b659b08fbae30b182443be8ffb6a6471c1d0497b52293061754886a937a3 SHA256=a903f329b70f0078197cb7683aae1bb432eaf58572fe572f7cb4bc2080042d7e SHA256=a961f5939088238d76757669a9a81905e33f247c9c635b908daac146ae063499 SHA256=a4680fabf606d6580893434e81c130ff7ec9467a15e6534692443465f264d3c9 SHA256=a7860e110f7a292d621006b7208a634504fb5be417fd71e219060381b9a891e6 SHA256=a8027daa6facf1ff81405daf6763249e9acf232a1a191b6bf106711630e6188e SHA256=a9706e320179993dade519a83061477ace195daa1b788662825484813001f526 SHA256=a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433 SHA256=a2353030d4ea3ad9e874a0f7ff35bbfa10562c98c949d88cabab27102bbb8e48 SHA256=a072197177aad26c31960694e38e2cae85afbab070929e67e331b99d3a418cf4 SHA256=aa9ab1195dc866270e984f1bed5e1358d6ef24c515dfdb6c2a92d1e1b94bf608 SHA256=aaa3459bcac25423f78ed72dbae4d7ef19e7c5c65770cbe5210b14e33cd1816c SHA256=aafb95a443911e4c67d4e45ffa83cca103c91b42915b81100534dc439bec0c1b SHA256=ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89 SHA256=ab2632a4d93a7f3b7598c06a9fdc773a1b1b69a7dd926bdb7cf578992628e9dd SHA256=ab0925398f3fa69a67eacee2bbb7b34ac395bb309df7fc7a9a9b8103ef41ed7a SHA256=ac3f613d457fc4d44fa27b2e0b1baa62c09415705efb5a40a4756da39b3ac165 SHA256=ac63c26ca43701dddaa7fb1aea535d42190f88752900a03040fd5aaa24991e25 SHA256=ad8ffccfde782bc287241152cf24245a8bf21c2530d81c57e17631b3c4adb833 SHA256=ad23d77a38655acb71216824e363df8ac41a48a1a0080f35a0d23aa14b54460b SHA256=ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173 SHA256=ad2477632b9b07588cfe0e692f244c05fa4202975c1fe91dd3b90fa911ac6058 SHA256=ada4e42bf5ef58ef1aad94435441003b1cc1fcaa5d38bfdbe1a3d736dc451d47 SHA256=adc10de960f40fa9f6e28449748250fa9ddfd331115b77a79809a50c606753ee SHA256=ae6fb53e4d8122dba3a65e5fa59185b36c3ac9df46e82fcfb6731ab55c6395aa SHA256=ae42afa9be9aa6f6a5ae09fa9c05cd2dfb7861dc72d4fd8e0130e5843756c471 SHA256=ae79e760c739d6214c1e314728a78a6cb6060cce206fde2440a69735d639a0a2 SHA256=aebcbfca180e372a048b682a4859fd520c98b5b63f6e3a627c626cb35adc0399 SHA256=af095de15a16255ca1b2c27dad365dff9ac32d2a75e8e288f5a1307680781685 SHA256=af1011c76a22af7be97a0b3e0ce11aca0509820c59fa7c8eeaaa1b2c0225f75a SHA256=afdd66562dea51001c3a9de300f91fc3eb965d6848dfce92ccb9b75853e02508 SHA256=b1d96233235a62dbb21b8dbe2d1ae333199669f67664b107bff1ad49b41d9414 SHA256=b2ba6efeff1860614b150916a77c9278f19d51e459e67a069ccd15f985cbc0e1 SHA256=b03f26009de2e8eabfcf6152f49b02a55c5e5d0f73e01d48f5a745f93ce93a29 SHA256=b4d47ea790920a4531e3df5a4b4b0721b7fea6b49a35679f0652f1e590422602 SHA256=b6fd51e1f57a03006953e84fd56cc2821cc19e7c77c0474e1110aabaacaf03df SHA256=b7a20b5f15e1871b392782c46ebcc897929443d82073ee4dcb3874b6a5976b5d SHA256=b8b94c2646b62f6ac08f16514b6efaa9866aa3c581e4c0435a7aeafe569b2418 SHA256=b9a4e40a5d80fedd1037eaed958f9f9efed41eb01ada73d51b5dcd86e27e0cbf SHA256=b9b3878ddc5dfb237d38f8d25067267870afd67d12a330397a8853209c4d889c SHA256=b019ebd77ac19cdd72bba3318032752649bd56a7576723a8ae1cccd70ee1e61a SHA256=b37b3c6877b70289c0f43aeb71349f7344b06063996e6347c3c18d8c5de77f3b SHA256=b47be212352d407d0ef7458a7161c66b47c2aec8391dd101df11e65728337a6a SHA256=b48a309ee0960da3caaaaf1e794e8c409993aeb3a2b64809f36b97aac8a1e62a SHA256=b50ffc60eaa4fb7429fdbb67c0aba0c7085f5129564d0a113fec231c5f8ff62e SHA256=b51ddcf8309c80384986dda9b11bf7856b030e3e885b0856efdb9e84064917e5 SHA256=b95b2d9b29bd25659f1c7ba5a187f8d23cde01162d9b5b1a2c4aea8f64b38441 SHA256=b179e1ab6dc0b1aee783adbcad4ad6bb75a8a64cb798f30c0dd2ee8aaf43e6de SHA256=b1334a71cc73b3d0c54f62d8011bec330dfc355a239bf94a121f6e4c86a30a2e SHA256=b1867d13a4cab66a76f4d4448824ca0cb3a176064626f9618c0c103ee3cb4f47 SHA256=b17507a3246020fa0052a172485d7b3567e0161747927f2edf27c40e310852e0 SHA256=b61869b7945be062630f1dd4bae919aecee8927f7e1bc3954a21ff763f4c0867 SHA256=b583414fcee280128788f7b39451c511376fe821f455d4f3702795e96d560704 SHA256=b773511fdb2e370dec042530910a905472fcc2558eb108b246fd3200171b04d3 SHA256=bac709c49ddee363c8e59e515f2f632324a0359e932b7d8cb1ce2d52a95981aa SHA256=bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc SHA256=bb50818a07b0eb1bd317467139b7eb4bad6cd89053fecdabfeae111689825955 SHA256=bb68552936a6b0a68fb53ce864a6387d2698332aac10a7adfdd5a48b97027ce3 SHA256=bc7ebd191e0991fd0865a5c956a92e63792a0bb2ff888af43f7a63bb65a22248 SHA256=bc13adeb6bf62b1e10ef41205ef92382e6c18d6a20669d288a0b11058e533d63 SHA256=bced04bdefad6a08c763265d6993f07aa2feb57d33ed057f162a947cf0e6668f SHA256=bcfc2c9883e6c1b8429be44cc4db988a9eecb544988fbd756d18cfca6201876f SHA256=bda99629ec6c522c3efcbcc9ca33688d31903146f05b37d0d3b43db81bfb3961 SHA256=bdbceca41e576841cad2f2b38ee6dbf92fd77fbbfdfe6ecf99f0623d44ef182c SHA256=bdcacee3695583a0ca38b9a786b9f7334bf2a9a3387e4069c8e6ca378b2791d0 SHA256=be03e9541f56ac6ed1e81407dcd7cc85c0ffc538c3c2c2c8a9c747edbcf13100 SHA256=be8dd2d39a527649e34dc77ef8bc07193a4234b38597b8f51e519dadc5479ec2 SHA256=be54f7279e69fb7651f98e91d24069dbc7c4c67e65850e486622ccbdc44d9a57 SHA256=c1c4310e5d467d24e864177bdbfc57cb5d29aac697481bfa9c11ddbeebfd4cc8 SHA256=c2a4ddcc9c3b339d752c48925d62fc4cc5adbf6fae8fedef74cdd47e88da01f8 SHA256=c2fcc0fec64d5647813b84b9049d430406c4c6a7b9f8b725da21bcae2ff12247 SHA256=c3e150eb7e7292f70299d3054ed429156a4c32b1f7466a706a2b99249022979e SHA256=c8eaa5e6d3230b93c126d2d58e32409e4aeeb23ccf0dd047a17f1ef552f92fe9 SHA256=c9b49b52b493b53cd49c12c3fa9553e57c5394555b64e32d1208f5b96a5b8c6e SHA256=c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8 SHA256=c26b51b4c37330800cff8519252e110116c3aaade94ceb9894ec5bfb1b8f9924 SHA256=c50f8ab8538c557963252b702c1bd3cee4604b5fc2497705d2a6a3fd87e3cc26 SHA256=c60fcff9c8e5243bbb22ec94618b9dcb02c59bb49b90c04d7d6ab3ebbd58dc3a SHA256=c64d4ac416363c7a1aa828929544d1c1d78cf032b39769943b851cfc4c0faafc SHA256=c089a31ac95d41ed02d1e4574962f53376b36a9e60ff87769d221dc7d1a3ecfa SHA256=c344e92a6d06155a217a9af7b4b35e6653665eec6569292e7b2e70f3a3027646 SHA256=c470c9db58840149ce002f3e6003382ecf740884a683bae8f9d10831be218fa2 SHA256=c628cda1ef43defc00af45b79949675a8422490d32b080b3a8bb9434242bdbf2 SHA256=c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5 SHA256=c8940e2e9b069ec94f9f711150b313b437f8429f78d522810601b6ee8b52bada SHA256=c9014b03866bf37faa8fdb16b6af7cfec976aaef179fd5797d0c0bf8079d3a8c SHA256=c299063e3eae8ddc15839767e83b9808fd43418dc5a1af7e4f44b97ba53fbd3d SHA256=c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c SHA256=c082514317bf80a2f5129d84a5a55e411a95e32d03a4df1274537704c80e41dd SHA256=caa85c44eb511377ea7426ff10df00a701c07ffb384eef8287636a4bca0b53ab SHA256=cb57f3a7fe9e1f8e63332c563b0a319b26c944be839eabc03e9a3277756ba612 SHA256=cb9890d4e303a4c03095d7bc176c42dee1b47d8aa58e2f442ec1514c8f9e3cec SHA256=cbb8239a765bf5b2c1b6a5c8832d2cab8fef5deacadfb65d8ed43ef56d291ab6 SHA256=cc383ad11e9d06047a1558ed343f389492da3ac2b84b71462aee502a2fa616c8 SHA256=cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64 SHA256=cc586254e9e89e88334adee44e332166119307e79c2f18f6c2ab90ce8ba7fc9b SHA256=cd4a249c3ef65af285d0f8f30a8a96e83688486aab515836318a2559757a89bb SHA256=cdd2a4575a46bada4837a6153a79c14d60ee3129830717ef09e0e3efd9d00812 SHA256=cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc SHA256=ce23c2dae4cca4771ea50ec737093dfafac06c64db0f924a1ccbbf687e33f5a2 SHA256=cf3a7d4285d65bf8688215407bce1b51d7c6b22497f09021f0fce31cbeb78986 SHA256=cf4b5fa853ce809f1924df3a3ae3c4e191878c4ea5248d8785dc7e51807a512b SHA256=cf3180f5308af002ac5d6fd5b75d1340878c375f0aebc3157e3bcad6322b7190 SHA256=cf69704755ec2643dfd245ae1d4e15d77f306aeb1a576ffa159453de1a7345cb SHA256=cfb7af8ac67a379e7869289aeee21837c448ea6f8ab6c93988e7aa423653bd40 SHA256=cfc5c585dd4e592dd1a08887ded28b92d9a5820587b6f4f8fa4f56d60289259b SHA256=cfcf32f5662791f1f22a77acb6dddfbc970fe6e99506969b3ea67c03f67687ab SHA256=cff9aa9046bdfd781d34f607d901a431a51bb7e5f48f4f681cc743b2cdedc98c SHA256=d0bd1ae72aeb5f3eabf1531a635f990e5eaae7fdd560342f915f723766c80889 SHA256=d0e25b879d830e4f867b09d6540a664b6f88bad353cd14494c33b31a8091f605 SHA256=d1f4949f76d8ac9f2fa844d16b1b45fb1375d149d46e414e4a4c9424dc66c91f SHA256=d5c4ff35eaa74ccdb80c7197d3d113c9cd38561070f2aa69c0affe8ed84a77c9 SHA256=d7bc7306cb489fe4c285bbeddc6d1a09e814ef55cf30bd5b8daf87a52396f102 SHA256=d7ddf874304556f8a10942a29b3d387cb5155a7419f87813557fe728cb14806d SHA256=d7e091e0d478c34232e8479b950c5513077b3a69309885cee4c61063e5f74ac0 SHA256=d8b58f6a89a7618558e37afc360cd772b6731e3ba367f8d58734ecee2244a530 SHA256=d92eab70bcece4432258c9c9a914483a2267f6ab5ce2630048d3a99e8cb1b482 SHA256=d636c011b8b2896572f5de260eb997182cc6955449b044a739bd19cbe6fdabd2 SHA256=d783ace822f8fe4e25d5387e5dd249cb72e62f62079023216dc436f1853a150f SHA256=d884ca8cc4ef1826ca3ab03eb3c2d8f356ba25f2d20db0a7d9fc251c565be7f3 SHA256=d5562fb90b0b3deb633ab335bcbd82ce10953466a428b3f27cb5b226b453eaf3 SHA256=d5586dc1e61796a9ae5e5d1ced397874753056c3df2eb963a8916287e1929a71 SHA256=d6827cd3a8f273a66ecc33bb915df6c7dea5cc1b8134b0c348303ef50db33476 SHA256=d8459f7d707c635e2c04d6d6d47b63f73ba3f6629702c7a6e0df0462f6478ae2 SHA256=d25904fbf907e19f366d54962ff543d9f53b8fdfd2416c8b9796b6a8dd430e26 SHA256=d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e SHA256=d969845ef6acc8e5d3421a7ce7e244f419989710871313b04148f9b322751e5d SHA256=d74755311d127d0eb7454e56babc2db8dbaa814bc4ba8e2a7754d3e0224778e1 SHA256=da6ca1fb539f825ca0f012ed6976baf57ef9c70143b7a1e88b4650bf7a925e24 SHA256=da11e9598eef033722b97873d1c046270dd039d0e3ee6cd37911e2dc2eb2608d SHA256=db2a9247177e8cdd50fe9433d066b86ffd2a84301aa6b2eb60f361cfff077004 SHA256=db90e554ad249c2bd888282ecf7d8da4d1538dd364129a3327b54f8242dd5653 SHA256=dbb457ae1bd07a945a1466ce4a206c625e590aee3922fa7d86fbe956beccfc98 SHA256=dbc604b4e01362a3e51357af4a87686834fe913852a4e0a8c0d4c1a0f7d076ed SHA256=dbe9f17313e1164f06401234b875fbc7f71d41dc7271de643865af1358841fef SHA256=dcb815eb8e9016608d0d917101b6af8c84b96fb709dc0344bceed02cbc4ed258 SHA256=dd4a1253d47de14ef83f1bc8b40816a86ccf90d1e624c5adf9203ae9d51d4097 SHA256=dd573f23d656818036fc9ae1064eda31aca86acb9bc44a6e127db3ea112a9094 SHA256=dde6f28b3f7f2abbee59d4864435108791631e9cb4cdfb1f178e5aa9859956d8 SHA256=de6bf572d39e2611773e7a01f0388f84fb25da6cba2f1f8b9b36ffba467de6fa SHA256=de8f8006d8ee429b5f333503defa54b25447f4ed6aeade5e4219e23f3473ef1c SHA256=de3597ae7196ca8c0750dce296a8a4f58893774f764455a125464766fcc9b3b5 SHA256=dec8a933dba04463ed9bb7d53338ff87f2c23cfb79e0e988449fc631252c9dcc SHA256=ded2927f9a4e64eefd09d0caba78e94f309e3a6292841ae81d5528cab109f95d SHA256=deecbcd260849178de421d8e2f177dce5c63cf67a48abb23a0e3cf3aa3e00578 SHA256=df0cc4e5c9802f8edaefeb130e375cad56b2c5490d8ebd77d8dbdcc6fdc7ecb6 SHA256=df0dcfb3971829af79629efd036b8e1c6e2127481b3644ccc6e2ddd387489a15 SHA256=dfaefd06b680f9ea837e7815fc1cc7d1f4cc375641ac850667ab20739f46ad22 SHA256=e0b5a5f8333fc1213791af5c5814d7a99615b3951361ca75f8aa5022c9cfbc2b SHA256=e2d8dd5dacc24051709f55a35184f5f99aef957a83bd358b0608b4479e1ec24f SHA256=e2e79f1e696f27fa70d72f97e448081b1fa14d59cbb89bb4a40428534dd5c6f6 SHA256=e3b257357be41a18319332df7023c4407e2b93ac4c9e0c6754032e29f3763eac SHA256=e3eff841ea0f2786e5e0fed2744c0829719ad711fc9258eeaf81ed65a52a8918 SHA256=e3f2ee22dec15061919583e4beb8abb3b29b283e2bcb46badf2bfde65f5ea8dd SHA256=e4a7da2cf59a4a21fc42b611df1d59cae75051925a7ddf42bf216cc1a026eadb SHA256=e4c154a0073bbad3c9f8ab7218e9b3be252ae705c20c568861dae4088f17ffcc SHA256=e4d9f037411284e996a002b15b49bc227d085ee869ae1cd91ba54ff7c244f036 SHA256=e4eca7db365929ff7c5c785e2eab04ef8ec67ea9edcf7392f2b74eccd9449148 SHA256=e005e8d183e853a27ad3bb56f25489f369c11b0d47e3d4095aad9291b3343bf1 SHA256=e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53 SHA256=e5b0772be02e2bc807804874cf669e97aa36f5aff1f12fa0a631a3c7b4dd0dc8 SHA256=e7cbfb16261de1c7f009431d374d90e9eb049ba78246e38bc4c8b9e06f324b6f SHA256=e16dc51c51b2df88c474feb52ce884d152b3511094306a289623de69dedfdf48 SHA256=e32ab30d01dcff6418544d93f99ae812d2ce6396e809686620547bea05074f6f SHA256=e50b25d94c1771937b2f632e10eea875ac6b19c57da703d52e23ad2b6299f0ae SHA256=e58bbf3251906ff722aa63415bf169618e78be85cb92c8263d3715c260491e90 SHA256=e61a54f6d3869b43c4eceac3016df73df67cce03878c5a6167166601c5d3f028 SHA256=e68d453d333854787f8470c8baef3e0d082f26df5aa19c0493898bcf3401e39a SHA256=e86cb77de7b6a8025f9a546f6c45d135f471e664963cf70b381bee2dfd0fdef4 SHA256=e428ddf9afc9b2d11e2271f0a67a2d6638b860c2c12d4b8cc63d33f3349ee93f SHA256=e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf SHA256=e3936d3356573ce2e472495cd3ce769f49a613e453b010433dafce5ea498ddc2 SHA256=e4522e2cfa0b1f5d258a3cf85b87681d6969e0572f668024c465d635c236b5d9 SHA256=e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf SHA256=e83908eba2501a00ef9e74e7d1c8b4ff1279f1cd6051707fd51824f87e4378fa SHA256=e07211224b02aaf68a5e4b73fc1049376623793509d9581cdaee9e601020af06 SHA256=e6056443537d4d2314dabca1b9168f1eaaf17a14eb41f6f5741b6b82b3119790 SHA256=e81230217988f3e7ec6f89a06d231ec66039bdba340fd8ebb2bbb586506e3293 SHA256=ea0b9eecf4ad5ec8c14aec13de7d661e7615018b1a3c65464bf5eca9bbf6ded3 SHA256=ea85bbe63d6f66f7efee7007e770af820d57f914c7f179c5fee3ef2845f19c41 SHA256=ebe2e9ec6d5d94c2d58fbcc9d78c5f0ee7a2f2c1aed6d1b309f383186d11dfa3 SHA256=ec5fac0b6bb267a2bd10fc80c8cca6718439d56e82e053d3ff799ce5f3475db5 SHA256=ecd07df7ad6fee9269a9e9429eb199bf3e24cf672aa1d013b7e8d90d75324566 SHA256=ece0a900ea089e730741499614c0917432246ceb5e11599ee3a1bb679e24fd2c SHA256=ecfc52a22e4a41bf53865b0e28309411c60af34a44e31a5c53cdc8c5733e8282 SHA256=ed2f33452ec32830ffef2d5dc832985db9600c306ed890c47f3f33ccbb335c39 SHA256=ee3ff12943ced401e2b6df9e66e8a0be8e449fa9326cab241f471b2d8ffefdd7 SHA256=ee45fd2d7315fd039f3585a66e7855ba4af9d4721e1448e602623de14e932bbe SHA256=eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b SHA256=ef6d3c00f9d0aa31a218094480299ef73fc85146adf62fd0c2f4f88972c5c850 SHA256=ef86c4e5ee1dbc4f81cd864e8cd2f4a2a85ee4475b9a9ab698a4ae1cc71fbeb0 SHA256=f1c8ca232789c2f11a511c8cd95a9f3830dd719cad5aa22cb7c3539ab8cb4dc3 SHA256=f4ff679066269392f6b7c3ba6257fc60dd609e4f9c491b00e1a16e4c405b0b9b SHA256=f05b1ee9e2f6ab704b8919d5071becbce6f9d0f9d0ba32a460c41d5272134abe SHA256=f6cd7353cb6e86e98d387473ed6340f9b44241867508e209e944f548b9db1d5f SHA256=f15ae970e222ce06dbf3752b223270d0e726fb78ebec3598b4f8225b5a0880b1 SHA256=f37d609ea1f06660d970415dd3916c4c153bb5940bf7d2beb47fa34e8a8ffbfc SHA256=f51bdb0ad924178131c21e39a8ccd191e46b5512b0f2e1cc8486f63e84e5d960 SHA256=f74ffd6916333662900cbecb90aca2d6475a714ce410adf9c5c3264abbe5732c SHA256=f84f8173242b95f9f3c4fea99b5555b33f9ce37ca8188b643871d261cb081496 SHA256=f85cca4badff17d1aa90752153ccec77a68ad282b69e3985fdc4743eaea85004 SHA256=f85eb576acb5db0d2f48e5f09a7244165a876fa1ca8697ebb773e4d7071d4439 SHA256=f088b2ba27dacd5c28f8ee428f1350dca4bc7c6606309c287c801b2e1da1a53d SHA256=f88ebb633406a086d9cca6bc8b66a4ea940c5476529f9033a9e0463512a23a57 SHA256=f581decc2888ef27ee1ea85ea23bbb5fb2fe6a554266ff5a1476acd1d29d53af SHA256=f596e64f4c5d7c37a00493728d8756b243cfdc11e3372d6d6dfeffc13c9ab960 SHA256=f0605dda1def240dc7e14efa73927d6c6d89988c01ea8647b671667b2b167008 SHA256=f744abb99c97d98e4cd08072a897107829d6d8481aee96c22443f626d00f4145 SHA256=f929bead59e9424ab90427b379dcdd63fbfe0c4fb5e1792e3a1685541cd5ec65 SHA256=f8430bdc6fd01f42217d66d87a3ef6f66cb2700ebb39c4f25c8b851858cc4b35 SHA256=f8886a9c759e0426e08d55e410b02c5b05af3c287b15970175e4874316ffaf13 SHA256=f8965fdce668692c3785afa3559159f9a18287bc0d53abb21902895a8ecf221b SHA256=f29073dc99cb52fa890aae80037b48a172138f112474a1aecddae21179c93478 SHA256=f85784fa8e7a7ec86cb3fe76435802f6bb82256e1824ed7b5d61bf075f054573 SHA256=f877296e8506e6a1acbdacdc5085b18c6842320a2775a329d286bac796f08d54 SHA256=f9895458e73d4b0ef01eda347fb695bb00e6598d9f5e2506161b70ad96bb7298 SHA256=f40435488389b4fb3b945ca21a8325a51e1b5f80f045ab019748d0ec66056a8b SHA256=fa875178ae2d7604d027510b0d0a7e2d9d675e10a4c9dda2d927ee891e0bcb91 SHA256=fafa1bb36f0ac34b762a10e9f327dcab2152a6d0b16a19697362d49a31e7f566 SHA256=fb6b0d304433bf88cc7d57728683dbb4b9833459dc33528918ead09b3907ff22 SHA256=fb81b5f8bf69637dbdf050181499088a67d24577587bc520de94b5ee8996240f SHA256=fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2 SHA256=fca10cde7d331b7f614118682d834d46125a65888e97bd9fda2df3f15797166c SHA256=fcdfe570e6dc6e768ef75138033d9961f78045adca53beb6fdb520f6417e0df1 SHA256=fd33fb2735cc5ef466a54807d3436622407287e325276fcd3ed1290c98bd0533 SHA256=fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c SHA256=fd8669794c67b396c12fc5f08e9c004fdf851a82faf302846878173e4fbecb03 SHA256=fda93c6e41212e86af07f57ca95db841161f00b08dae6304a51b467056e56280 SHA256=ff115cefe624b6ca0b3878a86f6f8b352d1915b65fbbdc33ae15530a96ebdaa7 SHA256=ff6729518a380bf57f1bc6f1ec0aa7f3012e1618b8d9b0f31a61d299ee2b4339 SHA256=ff9623317287358440ec67da9ba79994d9b17b99ffdd709ec836478fe1fc22a5 SHA256=ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f SHA256=56066ed07bad3b5c1474e8fae5ee2543d17d7977369b34450bd0775517e3b25c SHA256=06a0ec9a316eb89cb041b1907918e3ad3b03842ec65f004f6fa74d57955573a4 SHA256=86047bb1969d1db455493955fd450d18c62a3f36294d0a6c3732c88dfbcc4f62 SHA256=06c5ebd0371342d18bc81a96f5e5ce28de64101e3c2fd0161d0b54d8368d2f1f SHA256=8dafe5f3d0527b66f6857559e3c81872699003e0f2ffda9202a1b5e29db2002e SHA256=81c7bb39100d358f8286da5e9aa838606c98dfcc263e9a82ed91cd438cb130d1 SHA256=6661320f779337b95bbbe1943ee64afb2101c92f92f3d1571c1bf4201c38c724 SHA256=ea50f22daade04d3ca06dedb497b905215cba31aae7b4cab4b533fda0c5be620 SHA256=0440ef40c46fdd2b5d86e7feef8577a8591de862cfd7928cdbcc8f47b8fa3ffc SHA256=c0d88db11d0f529754d290ed5f4c34b4dba8c4f2e5c4148866daabeab0d25f9c SHA256=e1cb86386757b947b39086cc8639da988f6e8018ca9995dd669bdc03c8d39d7d SHA256=18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7 SHA256=139f8412a7c6fdc43dcfbbcdba256ee55654eb36a40f338249d5162a1f69b988 SHA256=b0eb4d999e4e0e7c2e33ff081e847c87b49940eb24a9e0794c6aa9516832c427 SHA256=1485c0ed3e875cbdfc6786a5bd26d18ea9d31727deb8df290a1c00c780419a4e SHA256=6b5cf41512255237064e9274ca8f8a3fef820c45aa6067c9c6a0e6f5751a0421 SHA256=0d10c4b2f56364b475b60bd2933273c8b1ed2176353e59e65f968c61e93b7d99 SHA256=ad938d15ecfd70083c474e1642a88b078c3cea02cdbddf66d4fb1c01b9b29d9a SHA256=89698cad598a56f9e45efffd15d1841e494a2409cc12279150a03842cd6bb7f3 SHA256=5f6fec8f7890d032461b127332759c88a1b7360aa10c6bd38482572f59d2ba8b SHA256=fa9abb3e7e06f857be191a1e049dd37642ec41fb2520c105df2227fcac3de5d5 SHA256=05b146a48a69dd62a02759487e769bd30d39f16374bc76c86453b4ae59e7ffa4 SHA256=6994b32e3f3357f4a1d0abe81e8b62dd54e36b17816f2f1a80018584200a1b77 SHA256=6908ebf52eb19c6719a0b508d1e2128f198d10441551cbfb9f4031d382f5229f SHA256=32882949ea084434a376451ff8364243a50485a3b4af2f2240bb5f20c164543d SHA256=fd223833abffa9cd6cc1848d77599673643585925a7ee51259d67c44d361cce8 SHA256=6839fcae985774427c65fe38e773aa96ec451a412caa5354ad9e2b9b54ffe6c1 SHA256=f9f2091fccb289bcf6a945f6b38676ec71dedb32f3674262928ccaf840ca131a SHA256=7a7e8df7173387aec593e4fe2b45520ea3156c5f810d2bb1b2784efd1c922376 SHA256=96bf3ee7c6673b69c6aa173bb44e21fa636b1c2c73f4356a7599c121284a51cc SHA256=b9dad0131c51e2645e761b74a71ebad2bf175645fa9f42a4ab0e6921b83306e3 SHA256=e6a7b0bc01a627a7d0ffb07faddb3a4dd96b6f5208ac26107bdaeb3ab1ec8217 SHA256=200f98655d1f46d2599c2c8605ebb7e335fee3883a32135ca1a81e09819bc64a SHA256=8d9a2363b757d3f127b9c6ed8f7b8b018e652369bc070aa3500b3a978feaa6ce SHA256=c8f9e1ad7b8cce62fba349a00bc168c849d42cfb2ca5b2c6cc4b51d054e0c497 SHA256=23e89fd30a1c7db37f3ea81b779ce9acf8a4294397cbb54cff350d54afcfd931 SHA256=575e58b62afab094c20c296604dc3b7dd2e1a50f5978d8ee24b7dca028e97316 SHA256=5b932eab6c67f62f097a3249477ac46d80ddccdc52654f8674060b4ddf638e5d SHA256=e6f764c3b5580cd1675cbf184938ad5a201a8c096607857869bd7c3399df0d12 SHA256=9bb09752cf3a464455422909edef518ac18fe63cf5e1e8d9d6c2e68db62e0c87 SHA256=f8236fc01d4efaa48f032e301be2ebba4036b2cd945982a29046eca03944d2ae SHA256=e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e SHA256=9b1b15a3aacb0e786a608726c3abfc94968915cedcbd239ddf903c4a54bfcf0c SHA256=f936ec4c8164cbd31add659b61c16cb3a717eac90e74d89c47afb96b60120280 SHA256=9c2f3e9811f7d0c7463eaa1ee6f39c23f902f3797b80891590b43bbe0fdf0e51 SHA256=b8807e365be2813b7eccd2e4c49afb0d1e131086715638b7a6307cd7d7e9556c SHA256=50819a1add4c81c0d53203592d6803f022443440935ff8260ff3b6d5253c0c76 SHA256=52d5c35325ce701516f8b04380c9fbdb78ec6bcc13b444f758fdb03d545b0677 SHA256=7f4555a940ce1156c9bcea9a2a0b801f9a5e44ec9400b61b14a7b1a6404ffdf6 SHA256=8e035beb02a411f8a9e92d4cf184ad34f52bbd0a81a50c222cdd4706e4e45104 SHA256=8578bff36e3b02cc71495b647db88c67c3c5ca710b5a2bd539148550595d0330 SHA256=4734a0a5d88f44a4939b8d812364cab6ca5f611b9b8ceebe27df6c1ed3a6d8a4 SHA256=88076e98d45ed3adf0c5355411fe8ca793eb7cec1a1c61f5e1ec337eae267463 SHA256=749b0e8c8c8b7dda8c2063c708047cfe95afa0a4d86886b31a12f3018396e67c SHA256=49c827cf48efb122a9d6fd87b426482b7496ccd4a2dbca31ebbf6b2b80c98530 SHA256=d7c81b0f3c14844f6424e8bdd31a128e773cb96cccef6d05cbff473f0ccb9f9c SHA256=f6c316e2385f2694d47e936b0ac4bc9b55e279d530dd5e805f0d963cb47c3c0d SHA256=5c1585b1a1c956c7755429544f3596515dfdf928373620c51b0606a520c6245a SHA256=5bc3994612624da168750455b363f2964e1861dba4f1c305df01b970ac02a7ae SHA256=bb2422e96ea993007f25c71d55b2eddfa1e940c89e895abb50dd07d7c17ca1df SHA256=42b22faa489b5de936db33f12184f6233198bdf851a18264d31210207827ba25 SHA256=f461414a2596555cece5cfee65a3c22648db0082ca211f6238af8230e41b3212 SHA256=770f33259d6fb10f4a32d8a57d0d12953e8455c72bb7b60cb39ce505c507013a C:\Users Appdata smartgit C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe Msp.Ecosystem.Discovery.exe C:\ProgramData\Microsoft\Windows Defender\Platform MsMpEng.exe