md5,sha1,sha256,imphash
TEMP\nessus_;nessus_task_list
TEMP\nessus_;nessus_task_list
rcpping;tcpping;tcping;routerscan;grabff;Port-Scan;netscan;\nmap;ipscan;nacmdline.exe
advanced_port_scanner.exe;rcpping.exe;nc.exe;nc64.exe;netcat.exe;ncat.exe;nmap.exe;zenmap.exe;advanced_ip_scanner.exe
Network Scanner;Advanced IP Scanner
adfind
adfind
-gcb -sc;/gcb /sc;-f (objectcategory=;/f (objectcategory=;trustdmp
PurpleSharp;xyz123456
PurpleSharp
/serverlevelplugindll
add;sslcert;http
http del sslcert
C:\Users\
Content.Outlook
.SettingContent-ms
immersivecontrolpanel
Hwp.exe
gbb.exe
iexplore.exe;chrome.exe;firefox.exe;browser_broker.exe;vivaldi.exe;microsoftedge.exe;microsoftedgecp.exe;brave.exe;vivaldi.exe
tracert.exe;csc.exe;cscript.exe;wscript.exe;cmd.exe;powershell.exe;bash.exe;scrcons.exe;schtasks.exe;hh.exe;regsvr32.exe;regsvcs.exe;sh.exe;wmic.exe;mshta.exe;rundll32.exe;msiexec.exe;forfiles.exe;scriptrunner.exe;mftrace.exe;AppVLP.exe;svchost.exe;MicroScMgmt.exe;FLTLDR.exe;wmic.exe;Microsoft.Workflow.Compiler.exe;atbroker.exe;bginfo.exe;certutil.exe;csi.exe;dnx.exe;cdb.exe;bitsadmin.exe;forfiles.exe;fsi.exe;ftp.exe;hostname.exe;gpresult.exe;ipconfig.exe;nbtstat.exe;ping.exe;pwsh.exe;qprocess.exe;quser.exe;qwinsta.exe;reg.exe;svchost.exe;installutil.exe;pwsh.exe;msxsl.exe;ieexec.exe;msdt.exe;verclsid.exe
apt-config
SentinelBrowserNativeHost.exe
cmd.exe /c C:\Windows\Setup\Scripts\SetupComplete.cmd;cmd.exe /c C:\Windows\Setup\Scripts\PartnerSetupComplete.cmd
C:\Windows\Setup
C:\Windows\SysWOW64
C:\Windows\System32
C:\Windows\WinSxS
consent.exe
http
iexplore.exe
SYSTEM
w3wp.exe
\csc.exe;\TranscodingService.exe;\werfault.exe;\appcmd.exe
w3wp.exe
appcmd.exe
appcmd.exe add module;system.enterpriseservices.internal.publish;\gacutil.exe /I;gacutil.exe -I
apache;php-cgi.exe;nginx.exe;httpd.exe;tomcat;php.exe
arp.exe;at.exe;cscript.exe;wscript.exe;cmd.exe;powershell.exe;bash.exe;scrcons.exe;schtasks.exe;hh.exe;regsvr32.exe;sh.exe;ping.exe;whoami.exe;net.exe;net1.exe;systeminfo.exe;bitsadmin.exe;dsget.exe;dsquery.exe;find.exe;findstr.exe;fsutil.exe;hostname.exe;ipconfig.exe;nbtstat.exe;net.exe;net1.exe;netdom.exe;netsh.exe;netstat.exe;nltest.exe;nslookup.exe;ntdutil.exe;pathping.exe;qprocess.exe;query.exe;qwinsta.exe;reg.exe;rundll32.exe;sc.exe;schtasks.exe;systeminfo.exe;tasklist.exe;tracert.exe;ver.exe;vssadmin.exe;wevtutil.exe;whoami.exe;wmic.exe;wusa.exe;certutil.exe
cmd.exe
ping 127.0.0.1
c:\windows\system32\inetsrv\
svchost.exe;termsvcs
rdpclip.exe;csrss.exe;wininit.exe
dns.exe
werfault.exe;conhost.exe;dnscmd.exe;dns.exe
UMWorkerProcess.exe;UMService.exe
perfenabled
UMWorkerProcess.exe;UMService.exe
perfenabled
wemgr.exe;werfault.exe
\wwwroot\
\Atlassian\Confluence\jre\bin\java.exe
cmd;powershell;certutil;curl;whoami;ipconfig;mshta;wscript;cscript;rundll32;bitsadmin
DesktopCentral_Server\jre\bin\java.exe
cmd;powershell;certutil;curl;whoami;ipconfig;mshta;wscript;cscript;rundll32;bitsadmin
\jre\bin\java.exe
cmd;powershell;pwsh;certutil;curl;whoami;ipconfig;mshta;wscript;cscript;rundll32;bitsadmin;pwsh.exe;bitsadmin;hh.exe;wmic.exe;rundll32.exe;forfiles.exe;scriptrunner.exe;mftrace.exe;AppVLP.exe;curl.exe
\Atlassian\Confluence\jre\bin\java.exe
sqlservr
arp.exe;at.exe;cscript.exe;wscript.exe;cmd.exe;powershell;bash.exe;scrcons.exe;schtasks.exe;hh.exe;regsvr32.exe;sh.exe;ping.exe;whoami.exe;net.exe;net1.exe;systeminfo.exe;bitsadmin.exe;dsget.exe;dsquery.exe;find.exe;findstr.exe;fsutil.exe;hostname.exe;ipconfig.exe;nbtstat.exe;net.exe;net1.exe;netdom.exe;netsh.exe;netstat.exe;nltest.exe;nslookup.exe;ntdutil.exe;pathping.exe;qprocess.exe;query.exe;qwinsta.exe;reg.exe;rundll32.exe;sc.exe;schtasks.exe;systeminfo.exe;tasklist.exe;tracert.exe;ver.exe;vssadmin.exe;wevtutil.exe;whoami.exe;wmic.exe;wusa.exe;sh.exe;bash.exe
keytool.exe
cmd;powershell;pwsh;certutil;curl;whoami;ipconfig;mshta;wscript;cscript;rundll32;bitsadmin;pwsh.exe;bitsadmin;hh.exe;wmic.exe;rundll32.exe;forfiles.exe;scriptrunner.exe;mftrace.exe;AppVLP.exe;curl.exe
bash.exe;cmd.exe;powershell.exe;pwsh.exe
id -Gn `;id /Gn `;id -Gn ';id /Gn '
e=Access&;y=Guest&;&p=;&c=;&k=
wmic.exe
process;call;create
wmic.exe
call set priority;call terminate;product get name;bios, get serialNumber;BIOS GET SERIALNUMBER;onboarddevice get;useraccount where name;useraccount get;path win32_networkadapter where index=;process list;useraccount get /ALL;useraccount list;qfe get description,installedOn /format:csv;process get caption,executablepath,commandline;service get name,displayname,pathname,startmode;share list;win32_share
C:\Users\;$Recycle;\Temp\;\Downloads\
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
conhost.exe
C:\Program Files (x86)\N-able Technologies\Windows Agent\Temp\Msp.Ecosystem.Discovery.exe;TCIntegratorCommHelper.exe;\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
svchost.exe;lsass.exe;services.exe;smss.exe;winlogon.exe;explorer.exe;dllhost.exe;rundll32.exe;regsvr32.exe;userinit.exe;winit.exe;spoolsv.exe;wermgr.exe;csrss.exe;ctfmon.exe;werfault.exe
conhost.exe
conhost.exe
:\Windows\splwow64.exe;:\Windows\System32\WerFault.exe;:\Windows\System32\conhost.exe
\cmd.exe;WindowsTerminal;powershell
explorer.exe
cmd.exe
powershell.exe;powershell_ise.exe
Get-ItemProperty HKLM:\software\wow6432node\microsoft\windows\currentversion\uninstall\
mysql server
select-object displayversion,displayname
cscript.exe;wscript.exe
powershell.exe;powershell_ise.exe
cscript.exe;wscript.exe
powershell.exe;powershell_ise.exe
powershell.exe;powershell_ise.exe
mshta.exe
wscript.exe;cscript.exe
IEX;Net.WebClient;ospp.vbs;powershell;slmgr.vbs;spiceworks_upload
wscript.exe
.jse;.js;.vba;.vbe
\wscript.exe;\cscript.exe
\rundll32.exe;regsvr32.exe
\rundll32.exe;regsvr32.exe
.dll;.cpl;.ocx;localserver;enable-speech-input;auto-scan-plugin;enable-media-stream;CastMediaRouteProvider;-eoim;/eoim
setupapi;InstallHinfSection;DefaultInstall;SplunkUniversalForwarder\bin\spl;rundll32.exe "C:\Windows\Installer\MSI
\MSI;.tmp",zzzInvokeManagerCustomActionOutOfProc
cscript.exe
.jse;.js;.vba;.vbe
mshta vbscript:CreateObject("Wscript.Shell");mshta vbscript:Execute("Execute;mshta vbscript:CreateObject("Wscript.Shell").Run("mshta.exe;javascript:a=
.jpg;.png;.lnk;.xls;.doc;.zip;.sct;.hta
C:\Windows\Temp\hpqhvind.exe;C:\ProgramData\DRM\;Test.exe
C:\ProgramData\DRM;wmplayer.exe;C:\ProgramData\DRM\CLR\CLR.EXE
regedit.exe
explorer.exe
\svchost.exe;\taskhostw.exe;\userinit.exe;\smss.exe;\csrss.exe;\wininit.exe;\winlogon.exe;\lsass.exe;\logonui.exe;\services.exe
C:\windows\System32\;C:\windows\syswow64\
\wininit.exe;\winlogon.exe;\services.exe;\dwm.exe;System;\smss.exe;\svchost.exe
\spoolsv.exe;\PrintIsolationHost.exe
C:\Windows\System32\spoolsv.exe;\GPLGS\gswin32c.exe;C:\Windows\System32\spool\drivers\;\bin\gswin64c.exe;C:\PROGRA~2\CUTEPD~1\;C:\Windows\EEFPrinter.exe
C:\Windows\system32\spool\DRIVERS
Brother Industries;Thomson Reuters
COMSPEC
ScriptFile
\Temp\7z
\Temp\Temp1_
\Temp\Rar$
powershell.exe;powershell_ise.exe
C:\users\
Microsoft VS Code\Code.exe
\Deployment tool extract\setupodt.exe
Shellcode
ipy.exe
python.exe
-agentpath:
-agentlib:
winword.exe;excel.exe;powerpnt.exe;outlook.exe;msaccess.exe;mspub.exe;visio.exe;notepad.exe;wordpad.exe;eqnedt32.exe;wordview.exe
tracert.exe;csc.exe;cscript.exe;wscript.exe;cmd.exe;powershell.exe;bash.exe;scrcons.exe;schtasks.exe;hh.exe;regsvr32.exe;regsvcs.exe;sh.exe;wmic.exe;mshta.exe;rundll32.exe;msiexec.exe;forfiles.exe;scriptrunner.exe;mftrace.exe;AppVLP.exe;svchost.exe;MicroScMgmt.exe;FLTLDR.exe;wmic.exe;Microsoft.Workflow.Compiler.exe;atbroker.exe;bginfo.exe;certutil.exe;csi.exe;dnx.exe;cdb.exe;bitsadmin.exe;forfiles.exe;fsi.exe;ftp.exe;hostname.exe;gpresult.exe;ipconfig.exe;nbtstat.exe;ping.exe;pwsh.exe;qprocess.exe;quser.exe;qwinsta.exe;reg.exe;svchost.exe;installutil.exe;pwsh.exe;msxsl.exe;ieexec.exe;msdt.exe;verclsid.exe;msidb.exe
.cmd;-
C:\Windows\system32\spool\DRIVERS\
PhotoViewer.dll
outlook.exe
http:;https:;ftp:;mailto:;tel:
.html
outlook.exe
http:;https:;ftp:;mailto:;tel:
.html"
outlook.exe
http:;https:;ftp:;mailto:;tel:
.html"
outlook.exe
.pdf"
outlook.exe
.pdf
outlook.exe
.iso"
outlook.exe
.iso
outlook.exe
\iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;\opera.exe;BrowserAssist.exe;\msedgewebview;\msedge.exe
http:;https:;ftp:;mailto:;tel:
outlook.exe
http:;https:;ftp:;mailto:;tel:
\Content.Outlook\;\Downloads\;\Documents\;:\Users\Public\;\Desktop\
outlook.exe
\\
winword.exe;excel.exe;powerpnt.exe;outlook.exe;msaccess.exe;mspub.exe;visio.exe;notepad.exe;wordpad.exe;eqnedt32.exe;wordview.exe
C:\Users\
.exe
Zoom Video
Firefox
Microsoft Edge
Microsoft Teams
GrammarlyAddInSetupe
Teams.exe
Zoom.exe
browser_broker.exe
chrome.exe
edge.exe
firefox.exe
iexplore.exe
vivaldi.exe
winword.exe;excel.exe;powerpnt.exe;outlook.exe;msaccess.exe;mspub.exe;visio.exe;notepad.exe;wordpad.exe;eqnedt32.exe;wordview.exe
C:\ProgramData\
Firefox
Microsoft Edge
Microsoft Teams
Zoom Video
.zip\
acrobat.exe;acrord32.exe
tracert.exe;csc.exe;cscript.exe;wscript.exe;cmd.exe;powershell.exe;bash.exe;scrcons.exe;schtasks.exe;hh.exe;regsvr32.exe;regsvcs.exe;sh.exe;wmic.exe;mshta.exe;rundll32.exe;msiexec.exe;forfiles.exe;scriptrunner.exe;mftrace.exe;AppVLP.exe;svchost.exe;MicroScMgmt.exe;FLTLDR.exe;wmic.exe;Microsoft.Workflow.Compiler.exe;atbroker.exe;bginfo.exe;certutil.exe;csi.exe;dnx.exe;cdb.exe;bitsadmin.exe;forfiles.exe;fsi.exe;ftp.exe;hostname.exe;gpresult.exe;ipconfig.exe;nbtstat.exe;ping.exe;pwsh.exe;qprocess.exe;quser.exe;qwinsta.exe;reg.exe;svchost.exe;installutil.exe;pwsh.exe;msxsl.exe;ieexec.exe;msdt.exe;verclsid.exe
winword.exe;powerpnt.exe;excel.exe
control.exe
input.dll
msdt.exe
msdt.exe
BrowseForFile=;PCWDiagnostic
/af;-af
msdt.exe
pcwrun.exe
PCWDiagnostic
msdt.exe
/cab;-cab
.diagcab
powershell.exe;pwsh.exe;cmd.exe;mshta.exe;cscript.exe;wscript.exe;wsl.exe;rundll32.exe;regsvr32.exe
msdt.exe
EQNEDT32.EXE
winword.exe;excel.exe;powerpnt.exe
FLTLDR.EXE
/dde;-dde
schtasks.exe
/create;-create;/change;-change
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\
C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe
Sentinel\AutoRepair
Update_Sysmon_Rules
C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe
taskeng.exe
6.3.9600.20773 (winblue_ltsb_escrow.221219-1740)
schtasks.exe
/Run;-run
Sentinel\AutoRepair
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\
schtasks.exe
schtasks /TN RtkAudUService64_BG
-change;/change;-delete;/delete;-create;/create;Update_Sysmon_Rules;AMDRyzenMasterSDKTask
at.exe
at.exe
C:\Windows\System32\svchost.exe
netsvcs;-p;-s;Schedule
netsvcs;-p;-s;Schedule
net.exe;net1.exe;net2.exe
stop
tvsu_tmp
net.exe;net1.exe;net2.exe
start
tvsu_tmp
wmiprvse.exe;mmc.exe;explorer.exe;services.exe
&1;cmd.exe;\\127.0.0.1\;/Q /c
wmiprvse.exe;mmc.exe;explorer.exe;services.exe
&1;cmd.exe;\\127.0.0.1\;-Q -c
schtasks;Create;ONLOGON;TN;Updater;TR;powershell
sc.exe
create
\NIC_Emulex_Firmware\;C:\Windows\Temp\ExchangeSetup\
sc.exe
config;binpath
Ecosystem.AgentSetup.tmp
cmd.exe;powershell.exe
services.exe
new-service
psexesvc.exe
Execute processes remotely
psexe
PsExec Service
PsExec Launched
accepteula
Execute processes remotely
-s;/s
psexec.exe
pskill.exe
pskill
C:\WINDOWS\system32\svchost.exe -k NetworkService -p
C:\WINDOWS\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\WINDOWS\System32\svchost.exe -k netprofm -p -s netprofm
C:\WINDOWS\system32\svchost.exe;RPCSS
C:\WINDOWS\system32\svchost.exe;RPCSS
werfault.exe
&& type
>
cmd.exe" /c cd
ntdsutil;/set {default} recoveryenabled no;telnet ;-dumpcr;putty;bash.exe;pssh;shareenum;sekurlsa;reg save;reg save;psscan;shellexec;vbscript:createobject;/output:clipboard;root\\default;root\\subscription;Wmiclass;WmiCl'+'as'+'s;export-mft;ApplicationImpersonation
C:\Program Files (x86)\mRemoteNG\PuTTYNG.exe
ERROR kuhl;windows/meterpreter;InjectDLL;ReflectiveLoader;Koadic.;@subtee;-donate-level=;stratum+tcp;Win32_TaskService;FilterToConsumerBinding;Invoke-Stager;Invoke-FruityC2;smbscanner;Invoke-ReverseDNSLookup;Invoke-ARPScan;Invoke-Paranoia;Find-TrustedDocuments;Find-Fruit;Get-RickAstley;PowerView;Invoke-Tater;Get-System;Get-SiteListPassword;PowerBreach;Invoke-BackdoorLNK;Install-SSP;Get-SecurityPackages;Invoke-SSHCommand;Invoke-PsExec;Invoke-InveighRelay;Set-Wallpaper;Invoke-VoiceTroll;Invoke-ThunderStruck;Exploit-Jboss;Invoke-PowerDump;Invoke-DCSync;Get-VaultCredential;Set-MacAttribute;New-HoneyHash;MailRaider;Invoke-RunAs;Invoke-PSInject;Invoke-EgressCheck;Invoke-NetRipper;Invoke-Inveigh;Get-Screenshot;Get-IndexedItem;Get-FoxDump'Get-Clipboard;Get-ChromeDump;Start-CaptureServer;Add-Persistence;Add-Exfiltration;Invoke-PowerShellWMI;Invoke-PowerShellTCP;Invoke-PoshRatHttp;Show-TargetScreen;Get-PassHashes;Get-LSASecret;Check-VM;Remove-Update;Enabled-DuplicateToken;Invoke-ADSBackdoor;Gupt-Backdoor;Add-ScrnSaveBackdoor;Add-RegBackdoor;Get-Unconstrained;Get-RegAlwaysInstallElevated;Get-ApplicationHost;Get-WebConfig;Get-UnattendedInstallFile;Get-VulnAutoRun;Get-RegAutoLogon;Install-ServiceBinary;Invoke-ServiceAbuse;Get-ServicePermission;Get-ServiceFilePermission;Get-ServiceUnquoted;Invoke-DowngradeAccount;Invoke-ACLScanner;Find-GPOLocation;Invoke-UserHunter;Invoke-ReflectivePEInjectionInvoke-ReflectivePEInjection;Invoke-ReflectivePEInjection;VolumeShadowCopyTools;Out-Minidump;Invoke-TokenManipulation;Invoke-DllInjection;Invoke-SessionGopher;Invoke-Shellcode;Invoke-WmiCommand;Get-GPPPassword;Get-Keystrokes;Get-TimedScreenshot;Get-VaultCredential;Invoke-CredentialInjection;Invoke-NinjaCopy
ERROR kuhl;windows/meterpreter;InjectDLL;ReflectiveLoader;Koadic.;@subtee;-donate-level=;stratum+tcp;Win32_TaskService;FilterToConsumerBinding;Invoke-Stager;Invoke-FruityC2;smbscanner;Invoke-ReverseDNSLookup;Invoke-ARPScan;Invoke-Paranoia;Find-TrustedDocuments;Find-Fruit;Get-RickAstley;PowerView;Invoke-Tater;Get-System;Get-SiteListPassword;PowerBreach;Invoke-BackdoorLNK;Install-SSP;Get-SecurityPackages;Invoke-SSHCommand;Invoke-PsExec;Invoke-InveighRelay;Set-Wallpaper;Invoke-VoiceTroll;Invoke-ThunderStruck;Exploit-Jboss;Invoke-PowerDump;Invoke-DCSync;Get-VaultCredential;Set-MacAttribute;New-HoneyHash;MailRaider;Invoke-RunAs;Invoke-PSInject;Invoke-EgressCheck;Invoke-NetRipper;Invoke-Inveigh;Get-Screenshot;Get-IndexedItem;Get-FoxDump'Get-Clipboard;Get-ChromeDump;Start-CaptureServer;Add-Persistence;Add-Exfiltration;Invoke-PowerShellWMI;Invoke-PowerShellTCP;Invoke-PoshRatHttp;Show-TargetScreen;Get-PassHashes;Get-LSASecret;Check-VM;Remove-Update;Enabled-DuplicateToken;Invoke-ADSBackdoor;Gupt-Backdoor;Add-ScrnSaveBackdoor;Add-RegBackdoor;Get-Unconstrained;Get-RegAlwaysInstallElevated;Get-ApplicationHost;Get-WebConfig;Get-UnattendedInstallFile;Get-VulnAutoRun;Get-RegAutoLogon;Install-ServiceBinary;Invoke-ServiceAbuse;Get-ServicePermission;Get-ServiceFilePermission;Get-ServiceUnquoted;Invoke-DowngradeAccount;Invoke-ACLScanner;Find-GPOLocation;Invoke-UserHunter;Invoke-ReflectivePEInjectionInvoke-ReflectivePEInjection;Invoke-ReflectivePEInjection;VolumeShadowCopyTools;Out-Minidump;Invoke-TokenManipulation;Invoke-DllInjection;Invoke-SessionGopher;Invoke-Shellcode;Invoke-WmiCommand;Get-GPPPassword;Get-Keystrokes;Get-TimedScreenshot;Get-VaultCredential;Invoke-CredentialInjection;Invoke-NinjaCopy
--disable-http2 --disable-quic
/Client/Login?id=
JABzA
2f40abbb4f78e77745f0e657a19903fc953cc664;478dc5a5f934c62a9246f7d1fc275868f568bc07;37b4496e650b3994312c838435013560b3ca8571;37b4496e650b3994312c838435013560b3ca8571;e8542c07b2af63ee7e72ce5d97d91036c5da56e2b091aa2afe737b224305d230;08c34c6ac9186b61d9f29a77ef5e618067e0bc9fe85cab1ad25dc6049c376949;5fc4b0076eac7aa7815302b0c3158076e3569086c4c6aa2f71cd258238440d14;bef59b9a3e00a14956e0cd4a1f3e7524448cbe5d3cc1295d95a15b83a3579c59;2c1d3d0a9c6f76726994b88589219cb8d9c39dd9924bc8d2d02bf41d955fe326;1a2ab4df156ccd685f795baee7df49f8e701f271d3e5676b507112e30ce03c42;758598370c3b84c6fbb452e3d7119f700f970ed566171e879d3cb41102154272;5c776a33568f4c16fee7140c249c0d2b1e0798a96c7a01bfd2d5684e58c9bb32;c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1;c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1;36dd195269979e01a29e37c488928497;7d9d29c1c03461608bcab930fef2f568;807d86da63f0db1fc746d1f0b05bc357;849a2b0dc80aeca3d175c139efe5221c;86A4CAC227078B9C95C560C8F0370BF0;98908ce6f80ecc48628c8d2bf5b2a50c;a4b42c2c95d1f2ff12171a01c86cd64f;4abe604916c04fe3dd8b9cb3d501d3f;eac3e3ece94bc84e922ec077efb15edd;128CECC59C91C0D0574BC1075FE7CB40;88777aacd5f16599547926a4c9202862;0f49621b06f2cdaac8850c6e9581a594;17a36ac3e31f3a18936552aff2c80249;322cb39bc049aa69136925137906d855;2010f38ef300be4349e7bc287e720b1ecec678cacbf0ea0556bcf765f6e073ec;cd4b9d0f2d1c0468750855f0ed352c1ed6d4f512d66e0e44ce308688235295b5;5b102bf4d997688268bab45336cead7cdf188eb0d6355764e53b4f62e1cdf30c;b017b9fc2484ce0a5629ff1fed15bca9f62f942eafbb74da6a40f40337187b04;6a251ed6a2c6a0a2be11f2a945ec68c814d27e2b6ef445f4b2c7a779620baa11;3d129263f6a48647f103a04446fb0c2f;37cd353621b0f4fc6981b50071c94f01;1b60021baedc3f9201bcdb40e9b87f62;71345b139166482acaa568ac8816c7bc;5E022694C0DBD1FBBC263D608E577949;304772c80b157a916c7041f2f15939fb;291ff87948e45914424cec9510c297da;b8fcd4a3902064907fb19e0da3ca7aed72a7e6d1f94d971d1ee7a4d3af6a800d;965884f19026913b2c57b8cd4a86455a61383de01dabb69c557f45bb848f6c26;4a069c1abe5aca148d5a8fdabc26751e;dc5733
c013378fa418d13773f5bfe6f1;c579341f86f7e962719c7113943bb6e4;d326e629a90e78825645963b35e53a6a;5E022694C0DBD1FBBC263D608E577949;53841a0c6a3ff92976db08bfdf95e083;dc7e564809d6c2a2f3457c3c9b91f22b;5470f0644589685000154cb7d3f60280acb16e39ca961cce2c016078b303bc1b;FE2CA1BE3BDA2A757036A89E54CC02DB;FE2CA1BE3BDA2A757036A89E54CC02DB
22d142f11cf2a30ea4953e1fffb0fa7e;2317d65da4639f4246de200650a70753;27612cb03c89158225ca201721ea1aad;412956675fbc3f8c51f438c1abc100eb;daf2da52475fd8981b19ec3c321a983c;490a140093b5870a47edc29f33542fd2;51a7068640af42c3a7c1b94f1c11ab9d;533340c54bd25256873b3dca34d7f74e;684eca6b62d69ce899a3ec3bb04d0a5b;69a19abf5ba56ee07cdd3425b07cf8bf;6cfd131fef548fcd60fbcdb59317df8e;72dc98449b45a7f1ccdef27d51e31e91;7c733607a0932b1b9a9e27cd6ab55fe0;7d5265e814843b24fcb3787768129040;80c37e062aa4c94697f287352acf2e9d;815f1f8a7bc1e6f94cb5c416e381a110;a43d3b31575846fa4c3992b4143a06da;08e82dc7bae524884b7dc2134942aadb;7bcd736a2394fc49f3e27b3987cce640;57314359df11ffdf476f809671ec0275;b72737b464e50aa3664321e8e001ff32;ce8ce92fb6565181572dce00d69c24f8;5985087678414143d33ffc6e8863b887;84730a6e426fbd3cf6b821c59674c8a0;d5377dc1821c935302c065ad8432c0d2;d8f1356bebda9e77f480a6a60eab36bb;92f8e3f0f1f7cc49fad797a62a169acd;9003cfaac523e94d5479dc6a10575e60;df91b86189adb0a11c47ce2405878fa1;e17bd40f5b5005f4a0c61f9e79a9d8c2;c1e7850da5604e081b9647b58248d7e8;99828721ac1a0e32e4582c3f615d6e57;f559c87b4a14a4be1bd84df6553aaf56;b9c208ea8115232bfd9ec2c62f32d6b8;061089d8cb0ca58e660ce2e433a689b3;0e9afd3a870906ebf34a0b66d8b07435;9c115e9a81d25f9d88e7aaa4313d9a8f;520ee02668a1c7b7c262708e12b1ba6b;7bfba2c69bed6b160261bdbf2b826401;77a745b07d9c453650dd7f683b02b3ed;3a771efb7ba2cd0df247ab570e1408b2;0969b2b399a8d4cd2d751824d0d842b4;fc53f2cd780cd3a01a4299b8445f8511;4e39620afca6f60bb30e031ddc5a4330;bfe3f6a79cad5b9c642bb56f8037c43b;3dfebce4703f30eed713d795b90538b5;9793afcea43110610757bd3b800de517;36db24006e2b492cafb75f2663f241b2;21feb6aa15e02bb0cddbd544605aabad;21feb6aa15e02bb0cddbd544605aabad;649ef1dd4a5411d3afcf108d57ff87af;320b2f1d9551b5d1df4fb19bd9ab253a;3d75c72144d873b3c1c4977fbafe9184;b9cf4301b7b186a75e82a04e87b30fe4;b4e67706103c3b8ee148394ebee3f268;7bfbd72441e1f2ed48fbc0f33be00f24;cdb303f61a47720c7a8c5086e6b2a743;2a6f7ec77ab6bd4297e7b15ae06e2e61;8403a28e0bffa9cc085e7b662d0d5412;3ffd2915d285ad748202469d4a04e1f5;04078ef95a70a04e95bd
a06cc7bec3fa;235d427f94630575a4ea4bff180ecf5d;8035a8a143765551ca7db4bc5efb5dfd;cacaa3bf3b2801956318251db5e90f3c;1aadf739782afcae6d1c3e4d1f315cbd;c3e255888211d74cc6e3fb66b69bbffb;d9e9f22988d43d73d79db6ee178d70a4;16ab79fb2fd92db0b1f38bedb2f02ed8;8da15a97eaf69ff7ee184fc446f19cf1;ffc7305cb24c1955f9625e525d58aeee;c0e72eb4c9f897410c795c1b360090ef;9ad6fa6fdedb2df8055b3d30bd6f64f1;44619a88a6cff63523163c6a4cf375dd;a571660c9cf1696a2f4689b2007a12c7;81229c1e272218eeda14892fa8425883;0ac48cfa2ff8351365e99c1d26e082ad;afcdf79be1557326c854b6e20cb900a7
a53a02b997935fd8eedcb5f7abab9b9f
e96a73c7bf33a464c510ede582318bf2
serialfunc.exe
e PAA;en PAA;enc PAA;enco PAA;encode PAA;encoded PAA;encodedco PAA;encodedcom PAA;encodedcomm PAA;encodedcomma PAA;encodedcomman PAA;encodedcommand PAA;e IAA;en IAA;enc IAA;enco IAA;encode IAA;encoded IAA;encodedco IAA;encodedcom IAA;encodedcomm IAA;encodedcomma IAA;encodedcomman IAA;encodedcommand IAA;e JAB;en JAB;enc JAB;enco JAB;encode JAB;encoded JAB;encodedco JAB;encodedcom JAB;encodedcomm JAB;encodedcomma JAB;encodedcomman JAB;encodedcommand JAB;e cwBFAFQA;en cwBFAFQA;enc cwBFAFQA;enco cwBFAFQA;encode cwBFAFQA;encoded cwBFAFQA;encodedco cwBFAFQA;encodedcom cwBFAFQA;encodedcomm cwBFAFQA;encodedcomma cwBFAFQA;encodedcomman cwBFAFQA;encodedcommand cwBFAFQA;e SQBFAF;en SQBFAF;enc SQBFAF;enco SQBFAF;encode SQBFAF;encoded SQBFAF;encodedco SQBFAF;encodedcom SQBFAF;encodedcomm SQBFAF;encodedcomma SQBFAF;encodedcomman SQBFAF;encodedcommand SQBFAF;e UwBFAFQA;en UwBFAFQA;enc UwBFAFQA;enco UwBFAFQA;encode UwBFAFQA;encoded UwBFAFQA;encodedco UwBFAFQA;encodedcom UwBFAFQA;encodedcomm UwBFAFQA;encodedcomma UwBFAFQA;encodedcomman UwBFAFQA;encodedcommand UwBFAFQA;e IABpAE4AdgBPAEsAZQAt;en IABpAE4AdgBPAEsAZQAt;enc IABpAE4AdgBPAEsAZQAt;enco IABpAE4AdgBPAEsAZQAt;encode IABpAE4AdgBPAEsAZQAt;encoded IABpAE4AdgBPAEsAZQAt;encodedco IABpAE4AdgBPAEsAZQAt;encodedcom IABpAE4AdgBPAEsAZQAt;encodedcomm IABpAE4AdgBPAEsAZQAt;encodedcomma IABpAE4AdgBPAEsAZQAt;encodedcomman IABpAE4AdgBPAEsAZQAt;encodedcommand IABpAE4AdgBPAEsAZQAt;e SQBmACgAJAB;en SQBmACgAJAB;enc SQBmACgAJAB;enco SQBmACgAJAB;encode SQBmACgAJAB;encoded SQBmACgAJAB;encodedco SQBmACgAJAB;encodedcom SQBmACgAJAB;encodedcomm SQBmACgAJAB;encodedcomma SQBmACgAJAB;encodedcomman SQBmACgAJAB;encodedcommand SQBmACgAJAB;e J;en J;enc J;enco J;encode J;encoded J;encodedco J;encodedcom J;encodedcomm J;encodedcomma J;encodedcomman J;encodedcommand J;e SUVY;en SUVY;enc SUVY;enco SUVY;encode SUVY;encoded SUVY;encodedco SUVY;encodedcom SUVY;encodedcomm SUVY;encodedcomma SUVY;encodedcomman SUVY;encodedcommand SUVY;e aWV4;en aWV4;enc aWV4;enco 
aWV4;encode aWV4;encoded aWV4;encodedco aWV4;encodedcom aWV4;encodedcomm aWV4;encodedcomma aWV4;encodedcomman aWV4;encodedcommand aWV4;e dmFy;en dmFy;enc dmFy;enco dmFy;encode dmFy;encoded dmFy;encodedco dmFy;encodedcom dmFy;encodedcomm dmFy;encodedcomma dmFy;encodedcomman dmFy;encodedcommand dmFy;e dgBhA;en dgBhA;enc dgBhA;enco dgBhA;encode dgBhA;encoded dgBhA;encodedco dgBhA;encodedcom dgBhA;encodedcomm dgBhA;encodedcomma dgBhA;encodedcomman dgBhA;encodedcommand dgBhA;e R2V0;en R2V0;enc R2V0;enco R2V0;encode R2V0;encoded R2V0;encodedco R2V0;encodedcom R2V0;encodedcomm R2V0;encodedcomma R2V0;encodedcomman R2V0;encodedcommand R2V0;e IAAgAH;en IAAgAH;enc IAAgAH;enco IAAgAH;encode IAAgAH;encoded IAAgAH;encodedco IAAgAH;encodedcom IAAgAH;encodedcomm IAAgAH;encodedcomma IAAgAH;encodedcomman IAAgAH;encodedcommand IAAgAH;e TVq;en TVq;enc TVq;enco TVq;encode TVq;encoded TVq;encodedco TVq;encodedcom TVq;encodedcomm TVq;encodedcomma TVq;encodedcomman TVq;encodedcommand TVq;e aQBIA;en aQBIA;enc aQBIA;enco aQBIA;encode aQBIA;encoded aQBIA;encodedco aQBIA;encodedcom aQBIA;encodedcomm aQBIA;encodedcomma aQBIA;encodedcomman aQBIA;encodedcommand aQBIA;e UEs;en UEs;enc UEs;enco UEs;encode UEs;encoded UEs;encodedco UEs;encodedcom UEs;encodedcomm UEs;encodedcomma UEs;encodedcomman UEs;encodedcommand UEs;e H4s;en H4s;enc H4s;enco H4s;encode H4s;encoded H4s;encodedco H4s;encodedcom H4s;encodedcomm H4s;encodedcomma H4s;encodedcomman H4s;encodedcommand H4s;e dXNpbm;en dXNpbm;enc dXNpbm;enco dXNpbm;encode dXNpbm;encoded dXNpbm;encodedco dXNpbm;encodedcom dXNpbm;encodedcomm dXNpbm;encodedcomma dXNpbm;encodedcomman dXNpbm;encodedcommand dXNpbm;e cwBhA;en cwBhA;enc cwBhA;enco cwBhA;encode cwBhA;encoded cwBhA;encodedco cwBhA;encodedcom cwBhA;encodedcomm cwBhA;encodedcomma cwBhA;encodedcomman cwBhA;encodedcommand cwBhA;JABzA
FromBase64String
JAB;SUVY;aWV4;dmFy;dgBhA;R2V0;SQBFAF;TVq;aQBIA;UEs;H4s;dXNpbm;cwBhA
/v Word experienced;/v Excel experienced;-v Word experienced;-v Excel experienced
JABlAG4AdgA6AHUAcwBlAHIAcAByAG8AZgBpAGwAZQ;QAZQBuAHYAOgB1AHMAZQByAHAAcgBvAGYAaQBsAGUA;kAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlA;IgAoACcAKgAnACkAOwAkA;IAKAAnACoAJwApADsAJA;iACgAJwAqACcAKQA7ACQA
e^;^en^;^nc
^
..\;\..
C:\Program Files;\Razer\Synapse3\Service\Razer Synapse Service.exe
C:\Program Files;\Razer\;\UserProcess\Razer Synapse Service Process.exe
C:\ProgramData\MspPlatform\N-central Agent\PME\PMESetup.exe;C:\Program Files (x86)\MspPlatform\PME\Installers\FileCacheServiceAgentSetup.exe;C:\Program Files (x86)\MspPlatform\PME\Installers\RequestHandlerAgentSetup.exe;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe
C:\ProgramData\MspPlatform\N-central Agent\PME\PMESetup.exe;C:\Program Files (x86)\MspPlatform\PME\Installers\FileCacheServiceAgentSetup.exe;C:\Program Files (x86)\MspPlatform\PME\Installers\RequestHandlerAgentSetup.exe;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe
\cmd.exe /c del "C:\Users\*\AppData\Local\Temp\*.exe;\cmd.exe /c del "C:\Users\*\Desktop\*.exe;\cmd.exe -c del "C:\Users\*\AppData\Local\Temp\*.exe;\cmd.exe -c del "C:\Users\*\Desktop\*.exe
ping.exe -n 6 127.0.0.1 &ping.exe /n 6 127.0.0.1 & type
System.Net.Networkinformation.ping
mofcomp.exe
net.exe;net1.exe;net2.exe
user;group;localgroup
remove;delete;active;del
tvsu_tmp
net.exe;net1.exe;net2.exe
user
add
tvsu_tmp
dsmod.exe
dsadd.exe
WerFault.exe
-s;/s
cmd.exe
echo;\pipe\;>
cmd.exe
/c;copy;dll;\\;admin$
rundll32.exe
,;StartW
rundll32.exe
,;update;appdata;temp;/i:
rundll32.exe
,;update;appdata;temp;-i:
dllhost.exe
{3E5FC7F9-9A51-4367-9063-A120244FBEC7};{3E000D72-A845-4CD9-BD83-80C07C3B881F};{D2E7041B-2927-42fb-8E9F-7CE93B6DC937};{02B49784-1CA2-436C-BC08-72FA3956507D};{BEF590BE-11A6-442A-A85B-656C1081E04C}
dllhost.exe
{3E5FC7F9-9A51-4367-9063-A120244FBEC7};{3E000D72-A845-4CD9-BD83-80C07C3B881F};{D2E7041B-2927-42fb-8E9F-7CE93B6DC937};{02B49784-1CA2-436C-BC08-72FA3956507D};{BEF590BE-11A6-442A-A85B-656C1081E04C}
winlogon.exe;services.exe;lsass.exe;csrss.exe;wininit.exe;spoolsv.exe;searchindexer.exe
powershell.exe;pwsh.exe;cmd.exe
AUTHORI;AUTORI
route ; ADD
eventvwr.exe
c:\windows\system32\mmc.exe
fodhelper.exe
InstallUtil.exe
Invoke-PsUaCme
BypassUAC
PowerUp
computerdefaults.exe
dism.exe
fodhelper.exe
NT AUTHORITY\NETWORK SERVICE;NT AUTHORITY\LOCAL SERVICE;SERVICE LOCAL;ERVICE RÉSEAU;NETZWERKDIENST;LOKALER DIENST;NETZWERKDIENST;SERVICIO DE RED;ERVICIO LOC
NT AUTHORITY\SYSTEM;СИСТЕМА;NT-AUTORITÄT\SYSTEM;AUTORITE NT\SYSTEM
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
runas.exe
Cmd.Exe
winlogon.exe
utilman.exe
Cmd.Exe
winlogon.exe
sethc.exe
utilman.exe
C:\Windows\System32\ATBroker.exe;Magnify.exe;C:\Windows\System32\osk.exe
sethc.exe
osk.exe
Magnify.exe
DisplaySwitch.exe
Narrator.exe
AtBroker.exe
sdbinst.exe
dwm.exe
cmd.exe
7zFM.exe
;/c;-c
cmd.exe
elevation_service.exe
System
unknown process
\LocalState\rootfs\
\LocalState\rootfs\
auditpol
/set;-set;/restore;-restore;/clear;-clear;/remove;-remove;/resourceSACL;-resourceSACL
+s;+h
attrib.exe
Hidden;Attributes
powershell.exe
Sysinternals Sysmon
/u;/c;-u;-c
C:\ProgramdData\sysmon\
MpCmdRun.exe
Add-MpPreference;RemoveDefinitions;DisableIOAVProtection
C:\Program Files (x86)\MspPlatform\RequestHandlerAgent\RequestHandlerAgent.exe
IMPHASH=84B763C45C0E4A3E7CA5548C710DB4EE
IMPHASH=19584675D94829987952432E018D5056
IMPHASH=330768a4f172e10acb6287b87289d83b
PsKill.exe
Set-MpPreference;Add-MpPreference;Remove-MpPreference;MpCmdRun.exe
RemoveDefinitions;RemoveDynamicSignature;DisableIOAVProtection;DisableRealTimeMonitoring;DisableBehaviorMonitoring;DisableBlockAtFirstSeen;DisableIOAVProtection;DisablePrivacyMode;DisableScriptScanning;DisableRealtimeMonitoring;DisableScanningNetworkFiles;DisableScanningMappedNetworkDrivesForFullScan;DisableRestorePoint;DisableRemovableDriveScanning;SignatureDisableUpdateOnStartupWithoutEngine;DisableIntrusionPreventionSystem;DisableScanOnRealtimeEnable;DisableArchiveScanning;DisableIntrusionPreventionSystem;DisableScriptScanning;DisableOnAccessProtection;ExclusionExtension;ExclusionPath;ExclusionProcess;ThreatDefaultAction;TamperProtection
interface ipv6 set
interface ipv4 set
taskkill.exe
firewall delete
ROGLiveService;C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
C:\Program Files\ASUS\ROG Live Service\RLSInstallAction.exe
C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe
firewall add
cmd.exe;ROGLiveService;C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe;enable=yes
C:\Program Files\ASUS\ROG Live Service\RLSInstallAction.exe
C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe
firewall set opmode disable
Core Networking - Router Solicitation
netsh advfirewall firewall
wevtutil.exe
cl
wevtutil im
wevtutil.exe im
ClickToRun
fltMC.exe
detach;unload
appcmd.exe
DontLog;True
iisetup.exe
set;NGenAssemblyUsageLog
New-ItemProperty;NGenAssemblyUsageLog
reg;add;dword;NGenAssemblyUsageLog
$env;NGenAssemblyUsageLog
set;COMPlus_ETWEnabled
New-ItemProperty;COMPlus_ETWEnabled
reg;add;dword;COMPlus_ETWEnabled
$env;COMPlus_ETWEnabled
bash.exe;wsl.exe;ubuntu.exe;kali.exe
-e;/e;-u root;--exec bash;dev/tcp;~ -d;~ /d
wsl.exe
wsl.exe
wslhost.exe
wslhost.exe
ntsirlemes_deadpool
ubuntu.exe
ubuntu.exe
kali.exe
kali.exe
distro-id;vm-id
pcalua.exe
pcalua.exe
bash.exe
bash.exe
forfiles.exe
forfiles.exe
.com
-appvscript
C:\Users\NetworkService\;C:\Users\NetworkService\;HarddiskVolumeShadowCopy;C:\Users\Default\;C:\Users\Public;C:\Users\Guest\;\administrateur\;C:\Windows\Media\;C:\Windows\addins\;tsclient\;\htdocs\;\config\systemprofile\;C:\PerfLogs\;c:\windows\ServiceProfiles\;C:\Intel\Logs\;C:\Windows\repair\;C:\Windows\Help\;$Recycle;C:\Windows\Debug\;C:\Windows\Security\;C:\Windows\Fonts\;\wwwroot\;\Contacts;C:\Windows\vss\
C:\Windows\SysWOW64\config\systemprofile\Citrix\UpdaterBinaries\;\CitrixReceiverUpdater.exe
.exe
.7z.exe
.doc.exe
.doc.exe
.docx.exe
.ico.exe
.iso.exe
.lnk.exe
.pdf.exe
.ppt.exe
.pptx.exe
.rar.exe
.rtf.exe
.txt.exe
.xls.exe
.xlsx.exe
.zip.exe
______.exe
reg add hkcu\software\classes\
reg.exe add hkcu\software\classes\
C:\WINDOWS\system32\svchost.exe -k localService -s RemoteRegistry
regedit.exe
:
reg.exe
delete
regedit.exe
/d;-d
HKCU:;HKLM
remove-item
HKCU:;HKLM
set-item;new-item
chcp.exe
936
1256
864
1258
855
866
powershell.exe
-e ;-en;-enc;-enco;-encod;-encode;-encoded;-encodedc;-encodedco;-encodedcom;-encodedcomm;-encodedcomma;-encodedcomman;-encodedcommand;/e ;/en;/enc;/enco;/encod;/encode;/encoded;/encodedc;/encodedco;/encodedcom;/encodedcomm;/encodedcomma;/encodedcomman;/encodedcommand
powershell.exe
-w h;-wi h;-win h;-wind h;-windo h;-window h;-windows h;-windowst h;-windowsty h;-windowstyl h;-windowstyle h;/w h;/wi h;/win h;/wind h;/windo h;/window h;/windows h;/windowst h;/windowsty h;/windowstyl h;/windowstyle h
powershell.exe
-ex;/ex
bypass
C:\Programdata\Sysmon\SysmonUpdateConfig.ps1
C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe
powershell.exe
-noni;/noni
Import-Module FileServerResourceManager
C:\Program Files\LogicMonitor
powershell.exe
hextobin;iex;io.filestream;system.text;base64;system.io;io.file;IMAGE_SUBSYSTEM_WINDOWS_GUI;IMAGE_NT_OPTIONAL_HDR32;IMAGE_NT_OPTIONAL_HDR64;DllCharacteristicsType;GetDelegateForFunctionPointer;WriteProcessMemory;ReadProcessMemory;ImpersonateSelf;AdjustTokenPrivileges;NtCreateThreadEx;CreateRemoteThread;io.seek;iwr;-bxor;invoke-expression;remove.to.string;shellcode;System.Net.WebClient;System.Net.WebRequest;System.Net.SecurityProtocolType;unicode;-useb;msxml2.serverxmlhttp;wscript.shell;-comobject;frombase64;io.compression;system.convert;io.streamreader;io.memorystream;compression.gzipstream;text.encoding;executioncontext;text.enc;convertto-securestring;runtime.interop;verbosepreference;[[string]]::join
powershell.exe
SUVYI;aWV4I;SQBFAFgA;aQBlA;TW96aWxsYS;1vemlsbGEv;Nb3ppbGxhL;TQBvAHoAaQBsAGwAYQAv;0AbwB6AGkAbABsAGEAL;BNAG8AegBpAGwAbABhAC;UwB0AGE
C^om^S^pEc;^c^o^m^S^p^E^c^;Wscript.Shell;-ComObject;MsXml2.ServerXmlHttp;Remove.ToString;System.Convert;-UseB;[Byte[];^h^t^t^p;h"t"t"p
IwAjACMAd;IyM=;SUVYI;aWV4I;SQBFAFgA;aQBlAHgA;TW96aWxsYS;1vemlsbGEv;Nb3ppbGxhL;TQBvAHoAaQBsAGwAYQAv;0AbwB6AGkAbABsAGEAL;BNAG8AegBpAGwAbABhAC
WindowStyle Hidden function;WindowStyle Hidden;windowstyle h;windowstyl h;windowsty h;windowst h;windows h;window h;windo h;wind h;win h;wi h;-w h;/w h;win hi;win hid;win hidd;win hidde;win hidden
^
TYPE CON >
copy CON >
FromBase64String;action=create keyvalue=;VerbosePreference.ToString;SecureString;CSharpCodeProvider;runtime.interopservices.marshal;system.globalization.numberstyles;system.reflection.assembly;hextobin;VerbosePreference.ToString;system.text.encoding;io.filestream;io.filestream;io.seekorigin;text.encoding;unicode.getstring;FromBase64;[Convert]::;System.IO.File]::ReadAllText;|iex
ngen.exe;install
certutil
decode;encode
ping.exe
0x
csc.exe
\AppData\;\Windows\Temp\
csc.exe
wscript.exe
cscript.exe
mshta.exe
mofcomp.exe
.mof
C:\WINDOWS\Installer\MSI
MsMpEng.exe
aspnet_regiis.exe
msiexec.exe
csc.exe
out:;target:library
Microsoft.Workflow.Compiler.exe
autochk.exe
\smss.exe;\fontdrvhost.exe;\dwm.exe
\consent.exe;\Runtimebroker.exe;\TiWorker.exe
\svchost.exe
-
\consent.exe;\Runtimebroker.exe;\TiWorker.exe
svchost.exe
-
SearchProtocolHost.exe
\SearchIndexer.exe;\dllhost.exe
-
dllhost.exe
\services.exe;\svchost.exe
-
smss.exe
\smss.exe
System
-
csrss.exe
-
\smss.exe;svchost.exe
wininit.exe
-
\smss.exe
winlogon.exe
\smss.exe
\lsass.exe;LsaIso.exe
\wininit.exe
LogonUI.exe
\wininit.exe;\winlogon.exe
services.exe
\wininit.exe
svchost.exe
-
\MsMpEng.exe;\services.exe
spoolsv.exe
\services.exe
taskhost.exe
\services.exe;\svchost.exe
userinit.exe
\dwm.exe;\winlogon.exe
\wmiprvse.exe;\wsmprovhost.exe;\winrshost.exe
-
\svchost.exe
\SearchProtocolHost.exe;\taskhost.exe;\csrss.exe
\werfault.exe;\wermgr.exe;\WerFaultSecure.exe;\NGenTask.exe
autochk.exe
\chkdsk.exe;\doskey.exe;\WerFault.exe
smss.exe
\autochk.exe;\smss.exe;\csrss.exe;\wininit.exe;\winlogon.exe;\setupcl.exe;\WerFault.exe
wermgr.exe
\WerFaultSecure.exe;\wermgr.exe;\WerFault.exe
wermgr.exe
wermgr.exe
\rundll32.exe;\regsvr32.exe
\explorer.exe;\wermgr.exe;\msra.exe;\OneDriveSetup.exe;\mobsync.exe;\xwizard.exe
.exe
conhost.exe
\mscorsvw.exe;\wermgr.exe;\WerFault.exe;\WerFaultSecure.exe
System.Management.Automation
"C:\Windows\Microsoft.NET\Framework\;\ngen.exe;install
InstallUtil.exe
/logfile=;/LogToConsole=false;/U
InstallUtil.exe
-logfile=;-LogToConsole=false;-U
Mavinject.exe;mavinject64.exe
INJECTRUNNING
CMSTP.exe
/ni;/s
CMSTP.exe
/ns;/s
CMSTP.exe
-ni;-s
CMSTP.exe
-ns;-s
rundll32.exe;shell32.dll;_RunDLL
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\System32\appwiz.cpl
odbcconf.exe
/S /A {REGSVR;-S -A {REGSVR
script:http
Register-cimprovider
Scriptrunner.exe -appvscript
bginfo
cbd
runscripthelper.exe surfacecheck
xwizard RunWizard
PresentationHost
driver executeinf
control.exe /name;control.exe -name
Control_RunDLL
SyncAppvPublishingServer.exe
Scriptrunner.exe
ATBroker.exe
Appvlp.exe
InfDefaultInstall.EXE
PresentationHost.exe
RegisterCimProvider2.exe
RegisterCimProvider.exe
ScriptRunner.exe
csi.exe
extexport.exe
msconfig.EXE
rasdlui.exe
tttracer.exe
verclsid.exe
wab.exe
Register-cimprovider.exe
csi.exe
devtoolslauncher.exe LaunchForDeploy
bginfo
devtoolslauncher.exe
wab.exe
wsreset.exe
cmstp.exe /ni /s;cmstp.exe -ni -s
cmstp /ni /s;cmstp -ni -s
Mavinject.exe
INJECTRUNNING
rundll32.exe
DllRegisterServer
xapauthenticodesip.dll
regsvr32.exe
C:\Users;Appdata;Temp
regsvr32.exe
C:\Users;Public
Microsoft(C) Register Server
SyncAppvPublishingServer.exe
control.exe
rasautou.exe
control.exe /name;control.exe -name
Control_RunDLL
msiexec.exe
/y;-y
C:\Windows\SysWOW64\DartSock.dll
C:\Windows\SysWOW64\ImageViewer2.OCX
C:\Windows\SysWOW64\SysTray.ocx
C:\Windows\SysWOW64\tdbg6.ocx
C:\Windows\SysWOW64\tdbg7.ocx
C:\Windows\SysWOW64\tdbg7.ocx
C:\Windows\SysWOW64\todg7.ocx
C:\Windows\SysWOW64\todgub7.dll
C:\Windows\SysWOW64\xarraydb.ocx
msiexec.exe
/i;-i
http
RUNDLL32.EXE
,;#
C:\Windows\resources\themes\Aero\AeroLite.msstyles
uxtheme.dll
ImageView_Fullscreen
EDGEHTML.dll
PhotoViewer.dll
\AppData\Local\WebEx\WebEx\
RUNDLL32.EXE
-sta;/sta
RUNDLL32.EXE
-localserver;/localserver
RUNDLL32.EXE
shell32.dll;OpenAs_RunDLL
RUNDLL32.EXE
powershell
RUNDLL32.EXE
url.dll;OpenURL
RUNDLL32.EXE
url.dll;FileProtocolHandler
RUNDLL32.EXE
zipfldr.dll;RouteTheCall
RUNDLL32.EXE
Shell32.dll;Control_RunDLL
RUNDLL32.EXE
javascript:
RUNDLL32.EXE
RegisterXLL
rundll32.exe
C:\Users;Public
rdpinit.exe
rdpinit.exe;G2MInstaller;GoToMeeting;LogMeIn;firefox.exe
rundll32.exe
C:\Users;Appdata;Temp
ImageView_
rdpinit.exe
rdpinit.exe;G2MInstaller;GoToMeeting;LogMeIn;firefox.exe
advpack.dll;LaunchINFSection
ieadvpack.dll;LaunchINFSection
syssetup.dll;SetupInfObjectInstallAction
setupapi.dll;InstallHinfSection
InstallHinfSection
infDefaultInstall.exe
rundll32.exe "C:\Windows\twain_64.dll"
shdocvw.dll;OpenURL
advpack.dll;RegisterOCX
Zipfldr.dll;RouteTheCall
url.dll;FileProtocolHandler
url.dll;FileProtocolHandler
OpenURLA;file:
OpenURL;file:
mshta.exe
cmd.exe;powershell.exe;wscript.exe;cscript.exe;sh.exe;bash.exe;reg.exe;regsvr32.exe;bitsadmin
mshta.exe
RunHTMLApplication
mshtml
vbscript:CreateObject
odbcconf.exe
manage-bde.wsf
powershell.exe;powershell_ise.exe
msbuild.exe
msbuild.exe
regasm.exe
msbuild.exe
userinit.exe
msbuild.exe
.xml
regasm.exe
\conhost.exe
msbuild.exe
.lnk
.csproj
msxsl.exe
msxsl.exe
/stext
keylog
keyscan_
Get-Keystrokes
/scomma
sniff
C:\Program Files\Adobe\
tcpdump.exe;tcpdump.c;tshark.exe;tshark.c;windump.exe;windump.c;wireshark.c;wireshark.exe
windump;tshark;tcpdump;windump;wireshark
netsh;trace;start;capture=yes
vssadmin.exe
create;shadow
wmic.exe
shadowcopy;call;create
wmic.exe
call;create;esentutl;vss
win32_shadowcopy;create;clientaccessible
mklink;GLOBALROOT;Shadow
copy;NTDS\ntds.dit
ntdsutil.exe
copy;System32\config\SYSTEM
reg;save;HKLM
mimikatz;mimidrv;mimilove;mimilib;sekurlsa;lsadump;dumpcreds;privilege::;token::;logonpasswords;mimikittenz;mimiauth;::;kerberos::;misc::skeleton;privilege::debug;dpapi::cred;vault::cred;lsadump;misc::;Krbtgt;TOKEN::;invoke-mimi
cmdkey
rpcping.exe
nltest.exe
-ma lsass.exe;Do-Exfiltration;Powersploit;GPPPassword;gpprefdecrypt;gsecdump;hashdump;laZagne;ntds.dit;ppldump;pwdump;pwdumpx;secretsdump;/listcreds:;-listcreds:
VaultCloseVault
VaultEnumerateItem
VaultFree
VaultGetItem
VaultOpenVault
Vaultcmd
vaultcli.dll
select * from moz_login
Invoke-WinEnum
System.Net.CredentialCache
create shadow
wlan;export;profile;key=clear
dcsync
HKCU /f password;HKCU -f password
HKLM /f password;HKLM -f password
nltest.exe
ProcDump.exe
ProcDump
asktgt;asktgs
createnetonly /program:;createnetonly -program:
dump /service:krbtgt;dump -service:krbtgt
harvest /interval:;harvest -interval:
renew /ticket:;renew -ticket:
asreproast
impersonateuser:
kerberoast
ptt /ticket:
klist.exe
hh.exe
appcmd.exe
list;text;password
quser.exe
net.exe;net1.exe;net2.exe
group;localgroup; user
/domain
SUService
\users
tvsu_tmp
net.exe;net1.exe;net2.exe
group;localgroup; user
/domain
SUService
\users
tvsu_tmp
sharphound;bloodhound;azurehound;CollectionMethod;encryptzip;randomizefilenames;dumpcomputerstatus
sharphound;bloodhound
sharphound;bloodhound
sharphound;bloodhound
sharphound;bloodhound
sharphound;bloodhound
sharphound;bloodhound
dscl . list /Groups;dscl . list -Groups
dscl . list /Users;dscl . list -Users
dsquery.exe
query.exe
tree.com
auditpol
/get;-get;/list;-list;/backup;-backup
gpresult.exe
get-gpo;get-gpresult;get-gpreg
tasklist.exe
qprocess.exe
reg query
reg.exe query
driverquery.exe
tracert.exe
pathping.exe
find;385201
select-string;385201
find;virus
select-string;virus
process;Description;virus
find;cb
select-string;cb
process;Description;cb
find;defender
select-string;defender
process;Description;defender
find;crowdstrike
select-string;crowdstrike
process;Description;crowdstrike
find;sentinel
select-string;sentinel
process;Description;sentinel
find;nessusd
select-string;nessusd
process;Description;nessusd
find;td-agent
select-string;td-agent
process;Description;td-agent
find;cbagentd
select-string;cbagentd
process;Description;cbagentd
find;sysmon
select-string;sysmon
process;Description;sysmon
find;winlogbeat
select-string;winlogbeat
process;Description;winlogbeat
find;winlogbeat
select-string;winlogbeat
process;Description;winlogbeat
find;csfalcon
select-string;csfalcon
process;Description;csfalcon
find;splunk
select-string;splunk
process;Description;splunk
find;sidecar
select-string;sidecar
process;Description;sidecar
find;nxlog
select-string;nxlog
process;Description;nxlog
find;lpagent
select-string;lpagent
process;Description;lpagent
fltMC.exe
misc::mflt
AntiVirusProduct
root\SecurityCenter2
sysinfo.exe
systeminfo
netsh.exe
get;list;show
netsh.exe
get;list;show
ipconfig.exe
netstat.exe
arp -a
arp.exe -a
arp -a
whoami.exe;whoami1.exe
wmic.exe
get;useraccount
netsh.exe
add;set
encryption;dohtemplate
netsh.exe
add;del;set
nbtstat
nessus
route.exe
print
route.exe
ADD;DEL;CHANGE;-f
qwinsta.exe
rwinsta.exe
Microsoft Office\root\Office
Microsoft Office\root\Office
automation;Embedding
admin$
davclnt.dll
WebClientGroup
/shadow;-shadow
noConsentPrompt
tscon.exe
dest:rdp-tcp:
powershell.exe
WmiPrvSE.exe
WmiPrvSE.exe
\Users\
NetworkDetective
WmiPrvSE.exe
sc.exe
tenable
WmiPrvSE.exe
cmd.exe
WmiPrvSE.exe
do_vbsUpload;Spiceworks
regsvr32.exe
WmiPrvSE.exe
cmd.exe
WmiPrvSE.exe
powershell.exe
WmiPrvSE.exe
dsa.msc
virtmgmt.msc
wmiprvse.exe
CompMgmtLauncher.exe
DismHost.exe
Microsoft.NET\Framework
NetEvtFwdr.exe
ServerManager.exe
WerFault.exe
chcp.com
g2mupdate.exe
slack.exe
wsmprovhost.exe
cmd.exe
sh.exe
bash.exe
wsl.exe
powershell.exe
powershell_ise.exe
schtasks.exe
at.exe
certutil.exe
mshta.exe
whoami.exe
ping.exe
ping.exe
bitsadmin.exe
winrm.cmd
winrs.exe
winrshost.exe
waitfor.exe
wsmprovhost.exe
winrshost.exe
wsmprovhost.exe
wmiprvse.exe
mshta.exe
ssh.exe;putty.exe;kitty.exe;kitty_portable.exe
PuTTY suite
sftp;psftp
rundll32.exe
rundll32.exe
..\;,
rundll32.exe
,StartW
psshutdown
psservice
PsPasswd
mstsc.exe
telnet.exe
tftp.exe
powershellcustomhost
-Embedding
c:\windows\system32\mmc.exe
--execm;atexec
{4991d34b-80a1-4291-83b6-3328366b9097}
{00020812-0000-0000-C000-000000000046}
{40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91}
{7e0423cd-1119-0928-900c-e6d4a52a0715}
{0006F04A-0000-0000-C000-000000000046}
{048EB43E-2059-422F-95E0-557DA96038AF}
{13709620-C279-11CE-A49E-444553540000}
{c08afd90-f2a1-11d1-8455-00a0c91f3880}
9BA05972-F6A8-11CF-A442-00A0C90A8F39
{00021A20-0000-0000-C000-000000000046}
{72C24DD5-D70A-438B-8A42-98424B88AFB8}
{00020906-0000-0000-C000-000000000046}
{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}
{1b7cd997-e5ff-4932-a7a6-2a9e636da385}
{16d51579-a30b-4c8b-a276-0ff4dc41e755}
rundll32.exe -sta;rundll32.exe /sta;rundll32 -sta;rundll32 /sta
shell32.dll;SHCreateLocalServerRunDll
-k DcomLaunch;/k DcomLaunch
7z.exe
a -mx9 -r0 -p;a -v500m -mx9 -r0 -p
7z
7z
winrar
winrar
winrar
winrar
winzip
winzip
Compress-Archive
WindowsAudioDevice-Powershell-Cmdlet
SoundRecorder.exe
clip.exe
get-clipboard
New-MailboxExportRequest
add-pssnapin;exchange;new-managementroleassignment;applicationimpersonation
screencapture
system.drawing.Imaging
system.drawing.bitmap
system.windows.forms.screen
odHRwczovL;aHR0cDovL;h0dHA6Ly;odHRwOi8v;aHR0cHM6Ly;h0dHBzOi8v
ie_to_edge_stub.exe;chrome.exe;firefox.exe;iexplore.exe;brave.exe;vivaldi.exe;msedge.exe;webex;teams.exe;goto opener.exe;lynx.exe;\Webex\webexAppLauncherLatest.exe;\WebEx\webexAppLauncher.exe;\WebEx\Applications\webexAppLauncher.exe;WebEx\webex.exe;C:\PROGRA~2\BEANYW~1\GETSUP~1\TCIntegratorCommHelper.exe
wbx:;/SITE_TOKEN=;msteams:;PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSI;NCentralRDLdr.exe
msedgeupdate.dll
C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe;NCentralRDLdr.exe
VFZvQUFBQ;RWb0FBQU;UVm9BQUFB;VFZxQUFBR;RWcUFBQU;UVnFBQUFF;VFZwUUFBS;RWcFFBQU;UVnBRQUFJ;VFZxUUFBT;RWcVFBQU;UVnFRQUFN;VFZwVEFRR;RWcFRBUU;UVnBUQVFF
powershell.exe
AAAAYInlM;OiCAAAAYInlM;OiJAAAAYInlM;RwBlAHQAL;WwBOAGUAdAAuAFM;W05ldC5TZXJ2aWNl
Г;И;К;П;д;и;к;л;л;н;н;о;ф;ե;թ;յ;ն;ն;ն;ն;տ;ւ;ք
certutil.exe
urlcache;split;f
DownloadFile;DownloadString;Net.WebClient;System.Net.WebRequest;System.Net.SecurityProtocolType;Invoke-Expression;Invoke-WebRequest
powershell.exe;cmd.exe
bitsadmin.exe
CREATE;TRANSFER;DOWNLOAD;UPLOAD;ADDFILE;SetNotifyFlags;SetNotifyCmdLine;SetMinRetryDelay;SetCustomHeaders;RESUME
util;setieproxy;localsystem;AUTODETECT
BITS administration utility
CREATE;TRANSFER;DOWNLOAD;UPLOAD;ADDFILE;SetNotifyFlags;SetNotifyCmdLine;SetMinRetryDelay;SetCustomHeaders;RESUME
\curl.exe;\wget.exe;\www.exe
\curl.exe;\wget.exe;\www.exe
certutil
split;f
certutil
verifyctl;URL
C:\Perflogs\;C:\Users\Public\;C:\root\
C:\Perflogs\;C:\Users\Public\;C:\root\
start-bitstransfer
expand;\\
expand.exe;\\
ieexec http
ieexec.exe http
powercat
esentutl /y \\;esentutl -y \\
esentutl.exe /y \\;esentutl.exe -y \\
extrac32;\\
extrac32.exe;\\
portproxy
tor.exe
TeamViewer_Desktop.exe
psexec
winscp.exe;winscp.com;scp.exe;pscp
bitch.exe;bitch.bat;bitch_lasagna.exe;Admin Cracker.exe;BulletsPassView.exe;ChromePass.exe;Dialupass.exe;LSASecretsView.exe;OpenedFilesView.exe;OperaPassView.exe;PasswordFox.exe;ProduKey.exe;RouterPassView.exe;USBDeview.exe;USBStealer.exe;VNCPassView.exe;WebBrowserPassView.exe;WirelessKeyView.exe;WirelessKeyView.exe;empv.exe;netpass.exe;pspv.exe;usbdll.exe;rdpv.exe;WirelessKeyView.exe;lasagna.exe;all -vvv >>;rsync -r
CredsLeaker;Windows.Security.Credentials.UI.CredentialPicker;function Leaker;function Await
.exe -url https://;dll,Run https://;Invoke-Merlin;-m SimpleHTTPServer;/m SimpleHTTPServer
-q=txt;/q=txt
nslookup.exe
rclone
Rsync for cloud storage
rclone
rclone
\rclone
s3browser
s3browser
s3browser
s3browser
add-ftp;.UploadFile(
ftp.exe
rundll32.exe
davclnt.dll;DavSetCookie
bcdedit.exe
safeboot
bootcfg.exe
safeboot
-startvm;vrun.exe -vm
vssadmin.exe
delete;resize
wmic.exe
shadowcopy;delete
wbadmin.exe
SYSTEMSTATEBACKUP;delete
wmic.exe
wmic shadowstorage SET MaxSpace=
wmic.exe
cleareventlog;call disable;nteventlog where filename
diskpart.exe
format;clean;delete;remove
manage-bde.exe
changepin;changepassword;changekey;wipefreespace;lock;/on;-on;/off;-off;-add;/add;-pw;/pw
manage-bde.wsf
changepin;changepassword;changekey;wipefreespace;lock;/on;-on;/off;-off;-add;/add;-pw;/pw
format
bootstatuspolicy ignoreallfailures
recoveryenabled No
Win32_Shadowcopy
sdelete
delete catalog
wbadmin delete catalog
erase
-nw;-exec=
/nw;/exec=
-p;-nw
/p;/nw
shred
diskshadow
del ; /f
del ; -f
rmdir ; /s ; /q
rmdir ; -s ; -q
rd ; /s ; /q
rd ; -s ; -q
usn deletejournal
fsutil.exe
usn;deletejournal
AdjustTokenPrivileges;IMAGE_NT_OPTIONAL_HDR64_MAGIC;LSA_UNICODE_STRING;Management.Automation.RuntimeException;Metasploit;Microsoft.Win32.UnsafeNativeMethods;Mimikatz;MiniDumpWriteDump;Net.Sockets.SocketFlags;PAGE_EXECUTE_READ;ReadProcessMemory.Invoke;Reflection.Assembly;Runtime.InteropServices;SECURITY_DELEGATION;SE_PRIVILEGE_ENABLED;System.Runtime.InteropServices;System.Security.Cryptography;TOKEN_ADJUST_PRIVILEGES;TOKEN_ALL_ACCESS;TOKEN_ASSIGN_PRIMARY;TOKEN_DUPLICATE;TOKEN_ELEVATION;TOKEN_IMPERSONATE;TOKEN_INFORMATION_CLASS;TOKEN_PRIVILEGES;TOKEN_QUERY;powerkatz
C:\Program Files;\LightingService\AsusInstallVerifier.exe
ahashpool;blazepool;blockmasters;blockmasterscoins;ccminer;cgminer;coinhive;hashrefinery;minergate;miningpoolhubcoins;nicehash;poolname;poolpassword;poolurl;rainbowminer;sgminer;stratum+tcp;xmrMiner;xmrig;yiimp;zergpool;zergpoolcoins;zpool
CPU miner;GPU miner;Lime Miner;XMRig CPU miner; miner
b91ce2fa41029f6955bff20079468448;02af7cec58b9a5da1c542b5a32151ba1;2c4a910a1299cdae2a4e55988a2f102e;846e27a652a5e1bfbd0ddd38a16dc865;4f2eb62fa529c0283b28d05ddd311fae;56ceb6d0011d87b6e4d7023d7ef85676
87AECF008D87EC86EC8B00A2394B3E6C
FB3F0D0DE8B80EA8CFAB2A025EC6B833
F4067FBF7FFF6945D0BB485B727B39AA
4a069c1abe5aca148d5a8fdabc26751e;c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1;304772c80b157a916c7041f2f15939fb;291ff87948e45914424cec9510c297da;a4b42c2c95d1f2ff12171a01c86cd64f;98908ce6f80ecc48628c8d2bf5b2a50c;849a2b0dc80aeca3d175c139efe5221c;807d86da63f0db1fc746d1f0b05bc357;322cb39bc049aa69136925137906d855;86A4CAC227078B9C95C560C8F0370BF0;36dd195269979e01a29e37c488928497;7d9d29c1c03461608bcab930fef2f568;eac3e3ece94bc84e922ec077efb15edd;b4abe604916c04fe3dd8b9cb3d501d3f;88777aacd5f16599547926a4c9202862;128CECC59C91C0D0574BC1075FE7CB40;17a36ac3e31f3a18936552aff2c80249;0f49621b06f2cdaac8850c6e9581a594;3d129263f6a48647f103a04446fb0c2f;71345b139166482acaa568ac8816c7bc;1b60021baedc3f9201bcdb40e9b87f62;5E022694C0DBD1FBBC263D608E577949;cd4b9d0f2d1c0468750855f0ed352c1ed6d4f512d66e0e44ce308688235295b5;b017b9fc2484ce0a5629ff1fed15bca9f62f942eafbb74da6a40f40337187b04;2010f38ef300be4349e7bc287e720b1ecec678cacbf0ea0556bcf765f6e073ec;6a251ed6a2c6a0a2be11f2a945ec68c814d27e2b6ef445f4b2c7a779620baa11;5b102bf4d997688268bab45336cead7cdf188eb0d6355764e53b4f62e1cdf30c;37cd353621b0f4fc6981b50071c94f01;daf2da52475fd8981b19ec3c321a983c;afcdf79be1557326c854b6e20cb900a7;2f40abbb4f78e77745f0e657a19903fc953cc664;37b4496e650b3994312c838435013560b3ca8571;478dc5a5f934c62a9246f7d1fc275868f568bc07;1a2ab4df156ccd685f795baee7df49f8e701f271d3e5676b507112e30ce03c42;2c1d3d0a9c6f76726994b88589219cb8d9c39dd9924bc8d2d02bf41d955fe326;5c776a33568f4c16fee7140c249c0d2b1e0798a96c7a01bfd2d5684e58c9bb32;5fc4b0076eac7aa7815302b0c3158076e3569086c4c6aa2f71cd258238440d14;08c34c6ac9186b61d9f29a77ef5e618067e0bc9fe85cab1ad25dc6049c376949;758598370c3b84c6fbb452e3d7119f700f970ed566171e879d3cb41102154272;bef59b9a3e00a14956e0cd4a1f3e7524448cbe5d3cc1295d95a15b83a3579c59;c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1;c96ed56bf7ee85a4398cc43a98b4db86d3da311c619f17c8540ae424ca6546e1;e8542c07b2af63ee7e72ce5d97d91036c5da56e2b091aa2afe737b224305d230;0ac48cfa2ff8351365e99c1d26e082ad;0e9afd3a8709
06ebf34a0b66d8b07435;1aadf739782afcae6d1c3e4d1f315cbd;2a6f7ec77ab6bd4297e7b15ae06e2e61;3a771efb7ba2cd0df247ab570e1408b2;3d75c72144d873b3c1c4977fbafe9184;3dfebce4703f30eed713d795b90538b5;3ffd2915d285ad748202469d4a04e1f5;4e39620afca6f60bb30e031ddc5a4330;6cfd131fef548fcd60fbcdb59317df8e;7bcd736a2394fc49f3e27b3987cce640;7bfba2c69bed6b160261bdbf2b826401;7bfbd72441e1f2ed48fbc0f33be00f24;7c733607a0932b1b9a9e27cd6ab55fe0;7d5265e814843b24fcb3787768129040;08e82dc7bae524884b7dc2134942aadb;8da15a97eaf69ff7ee184fc446f19cf1;9ad6fa6fdedb2df8055b3d30bd6f64f1;9c115e9a81d25f9d88e7aaa4313d9a8f;16ab79fb2fd92db0b1f38bedb2f02ed8;21feb6aa15e02bb0cddbd544605aabad;21feb6aa15e02bb0cddbd544605aabad;22d142f11cf2a30ea4953e1fffb0fa7e;36db24006e2b492cafb75f2663f241b2;51a7068640af42c3a7c1b94f1c11ab9d;69a19abf5ba56ee07cdd3425b07cf8bf;72dc98449b45a7f1ccdef27d51e31e91;77a745b07d9c453650dd7f683b02b3ed;80c37e062aa4c94697f287352acf2e9d;92f8e3f0f1f7cc49fad797a62a169acd;235d427f94630575a4ea4bff180ecf5d;320b2f1d9551b5d1df4fb19bd9ab253a;490a140093b5870a47edc29f33542fd2;520ee02668a1c7b7c262708e12b1ba6b;649ef1dd4a5411d3afcf108d57ff87af;684eca6b62d69ce899a3ec3bb04d0a5b;815f1f8a7bc1e6f94cb5c416e381a110;0969b2b399a8d4cd2d751824d0d842b4;2317d65da4639f4246de200650a70753;04078ef95a70a04e95bda06cc7bec3fa;8035a8a143765551ca7db4bc5efb5dfd;8403a28e0bffa9cc085e7b662d0d5412;9003cfaac523e94d5479dc6a10575e60;9793afcea43110610757bd3b800de517;27612cb03c89158225ca201721ea1aad;44619a88a6cff63523163c6a4cf375dd;061089d8cb0ca58e660ce2e433a689b3;81229c1e272218eeda14892fa8425883;84730a6e426fbd3cf6b821c59674c8a0;533340c54bd25256873b3dca34d7f74e;57314359df11ffdf476f809671ec0275;99828721ac1a0e32e4582c3f615d6e57;412956675fbc3f8c51f438c1abc100eb;5985087678414143d33ffc6e8863b887;a43d3b31575846fa4c3992b4143a06da;a571660c9cf1696a2f4689b2007a12c7;b4e67706103c3b8ee148394ebee3f268;b9c208ea8115232bfd9ec2c62f32d6b8;b9cf4301b7b186a75e82a04e87b30fe4;b72737b464e50aa3664321e8e001ff32;bfe3f6a79cad5b9c642bb56f8037c43b;c0e72eb4c9f897410c795c1b360090ef
;c1e7850da5604e081b9647b58248d7e8;c3e255888211d74cc6e3fb66b69bbffb;cacaa3bf3b2801956318251db5e90f3c;cdb303f61a47720c7a8c5086e6b2a743;ce8ce92fb6565181572dce00d69c24f8;d8f1356bebda9e77f480a6a60eab36bb;d9e9f22988d43d73d79db6ee178d70a4;d5377dc1821c935302c065ad8432c0d2;df91b86189adb0a11c47ce2405878fa1;e17bd40f5b5005f4a0c61f9e79a9d8c2;f559c87b4a14a4be1bd84df6553aaf56;fc53f2cd780cd3a01a4299b8445f8511;ffc7305cb24c1955f9625e525d58aeee
e96a73c7bf33a464c510ede582318bf2;a53a02b997935fd8eedcb5f7abab9b9f
d326e629a90e78825645963b35e53a6a;c579341f86f7e962719c7113943bb6e4;dc5733c013378fa418d13773f5bfe6f1;b8fcd4a3902064907fb19e0da3ca7aed72a7e6d1f94d971d1ee7a4d3af6a800d;965884f19026913b2c57b8cd4a86455a61383de01dabb69c557f45bb848f6c26;4a069c1abe5aca148d5a8fdabc26751e;dc7e564809d6c2a2f3457c3c9b91f22b;FE2CA1BE3BDA2A757036A89E54CC02DB;5470f0644589685000154cb7d3f60280acb16e39ca961cce2c016078b303bc1b
53841a0c6a3ff92976db08bfdf95e083
zoommtg
pwd=
zoommtg
zc=0
zoommtg
zc=1
msteams:
wbx:
C:\Users\
\Downloads\
C:\Users\
\Desktop\
\awk.exe;\sed.exe
C:\Users\Public\;$Recyclebin;\Desktop\;\Content.Outlook\
C:\Users\Public\;$Recyclebin;\Desktop\;\Content.Outlook\;\Downloads\
.html;.hta;.iso;.js;.bat;.cmd;.cmdline;.vbs;.vb;.vbe;.reg;.com
-s -n -u -i:http:
/s /n /u /i:http:
listena
assoc
del
expand
md
move
rd
ren
set
setx
bginfo.bgi /popup /nolicprompt;bginfo.bgi -popup -nolicprompt
find.exe
grabff
routerscan
pythonEngine.Execute
sesshijack
file://
HTML Application host
Manager Profile Installer
Microsoft Application Virtualization Injector
Application Compatibility Database Installer
popd.exe
pushd.exe
subst.exe
doskey.exe
cls.exe
\
C:\Windows\system32\svchost.exe -k iissvcs
\
acrobat.exe
acrord32.exe
java.exe
C:\ProgramData\Cavelo\jre\bin\java.exe
javaw.exe
C:\Windows\system32\svchost.exe
cacls.exe
takeown.exe
/x Macro
\pipe\
>
/noprofile
/sc ONEVENT
\\VBOXSVR
| more
|more
\\tsclient
%PROCESSOR_ARCHITECTURE%
sysnative
AutoIt
Microsoft Filter Loader
more.com
:\Windows\Microsoft.NET\
acrord32.exe
gpupdate.exe
:\Windows\Microsoft.NET\
System
explorer.exe
\regedit.exe;\cmd.exe;terminal;\powershell
C:\Windows\System32\WerFault.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe
C:\Users
C:\ProgramData
\Temp\
\tmp\
\drivers\
\Download
C:\Windows\system32\backgroundTaskHost.exe
TrustedInstaller.exe
OneDrive.exe
vivaldi.exe
chrome.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
setup
AppData\Local\Microsoft\Teams\current\Teams.exe
\AppData\Local\Microsoft\Edge SxS\Application\msedge.exe
census
researchscan
scanhub
shadow
shodan
137.184.67.33;206.188.196.77;125.212.220.48;5.180.61.17;47.242.39.92;61.244.94.85;86.48.6.69;86.48.12.64;94.140.8.48;94.140.8.113;103.9.76.208;103.9.76.211;104.244.79.6;112.118.48.186;122.155.174.188;125.212.241.134;185.220.101.182;194.150.167.88;212.119.34.11
137.184.67.
httpbin.org
advanced-ip-scanner.com
kali.download
wscript.exe
at.exe
schtasks.exe
\temp\
127.0.0.1
\wwwroot\
\Windows\addins\
C:\Windows\repair\
\htdocs\
C:\Windows\system32\config\systemprofile\
C:\Intel\Logs\
C:\Windows\addins\
C:\Windows\security\
C:\Windows\Help\
$RECYCLE.BIN
C:\Windows\Debug\
C:\Windows\Fonts\
C:\PerfLogs\
:\$Recycle.bin\
:\Users\Default\
C:\Users\NetworkService\
C:\Users\Public\
C:\Windows\Media\
\Windows\IME\
C:\ProgramData
CSC.exe
infDefaultInstall.exe
SyncAppvPublishingServer.exe
InstallUtil.exe
msiexec.exe
regasm.exe;regsvcs.exe
Mavinject.exe
msbuild.exe
dsquery.exe
driverquery.exe
nbtstat.exe
net.exe
net1.exe
qwinsta.exe
rwinsta.exe
true
3389
AutomationManager.ScriptRunner64.exe
C:\Program Files (x86)\VMware\VMware Remote Console\vmrc.exe
C:\Program Files\VMware\VMware Remote Console\vmrc.exe
C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_
CtxLicUsageRecorder.exe
FSAssessment.exe
FSDiscovery.exe
MobaRTE.exe
RDCMan.exe
RSSensor.exe
RTS2App.exe
RTSApp.exe
RemoteDesktopManager64.exe
RemoteDesktopManager.exe
RemoteDesktopManagerFree.exe
Terminals.exe
chrome.exe
mRemote.exe
mRemoteNG.exe
mstsc.exe
spiceworks-finder.exe
svchost.exe
thor64.exe
thor.exe
C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe
C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe
SentinelRanger.exe
true
3391
AutomationManager.ScriptRunner64.exe
C:\Program Files (x86)\VMware\VMware Remote Console\vmrc.exe
C:\Program Files\VMware\VMware Remote Console\vmrc.exe
C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_
CtxLicUsageRecorder.exe
FSAssessment.exe
FSDiscovery.exe
MobaRTE.exe
RDCMan.exe
RSSensor.exe
RTS2App.exe
RTSApp.exe
RemoteDesktopManager64.exe
RemoteDesktopManager.exe
RemoteDesktopManagerFree.exe
Terminals.exe
chrome.exe
mRemote.exe
mRemoteNG.exe
mstsc.exe
spiceworks-finder.exe
svchost.exe
thor64.exe
thor.exe
true
3389
127.0.0.1;0:0:0:0:0:0:0:1
C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe
true
3389
fe80:0
putty.exe;kitty.exe;kitty_portable.exe
wsmprovhost.exe
psftp.exe
reg.exe
psshutdown
PsPasswd
psservice
ssh.exe
psexe
tftp.exe
telnet.exe
mstsc.exe
wmic.exe
sc.exe
pskill
dsquery.exe
plink.exe
vnc.exe
vncviewer.exe
vncservice.exe
omniinet.exe
hpsmhd.exe
50050
true
25
\Bin\EdgeTransport.exe;Bin\MSExchangeFrontendTransport.exe
true
powershell.exe
0:0:0:0:0:0:0:;127.0.0.1
mshta.exe
cmd.exe
certutil.exe
bitsadmin.exe
notepad.exe
regsvcs.exe
regsvr32.exe
rundll32.exe
tor.exe
hiddenservice.net;onion.city;onion.direct;onion.direct;onion.link;onion.nu;onion.pet;onion.plus;onion.rip;onion.sh;onion.sh;onion.si;onion.to;onion.top;onion.ws;tor-gateways.de;tor2net.com;tor2web.blutmagie.de;tor2web.fi;tor2web.info;tor2web.io;tor2web.org;onion.to
dns.google;cloudflare-dns.com;mozilla.cloudflare-dns.com;dns.233py.com;dns.aaflalo.me;doh.opendns.com;.quad9.net;dns.cleanbrowsing.org;dns-family.adguard.com;dns.adguard.com;.233py.com;dnscrypt;dnscrypt-cert.oszx.co;dns.oszx.co;doh.dns.sb;doh.defaultroutes.de;doh.tiarap.org;doh.tiar.app;doh.captnemo.in;.aaflalo.me;doh.appliedprivacy.net;doh.dnswarden.com;commons.host;dns.twnic.tw;ibuki.cgnat.net;doh.xfinity.com;dns.nextdns.io;dns.dnsoverhttps.net;doh.crypto.sx;doh.powerdns.org;.blahdns.com;dns.rubyfish.cn;dns.containerpi.com;.seby.io;rdns.faelix.net;doh.li;.armadillodns.net;doh.netweaver.uk;doh.42l.fr;dns.aa.net.uk;adblock.mydns.network;ibksturm.synology.me;jcdns.fun
privatlab.com
mega.nz;mega.co.nz
.pcloud.com
0x1f4b0.com;1q2w3.life;1q2w3.website;31.187.64.216;185.193.38.148;aalbbh84.info;adfreetv.ch;adless.io;adplusplus.fr;adrenali.gq;ajcryptominer.com;ajplugins.com;allfontshere.press;altavista.ovh;amhixwqagiz.ru;analytics.blue;appelamule.com;arizona-miner.tk;aster18cdn.nl;aster18prx.nl;avero.xyz;averoconnector.com;bauersagtnein.myeffect.net;bhzejltg.info;blazepool;blockmasters;blockmasterscoins;bmnr.pw;bmst.pw;bohemianpool;carry.myeffect.net;cashbeet.com;cdn-code.host;cfceu.duckdns.org;cfcnet.gdn;cfcnet.top;cfcs1.duckdns.org;chainblock.science;cieh.mx;coin-hive.com;coin-service.com;coin-services.info;coiner.site;coinpirate.cf;coinrail.io;coinwebmining.com;cpu2cash.link;cryptaloot.pro;cryptmonero;crypto-loot.com;crypto-pool;crypto-webminer.com;cryptoloot.pro;d-ns.ga;dataservices.download;directprimal.com;dwarfpool;encoding.ovh;estream.to;eth-pocket.com;eth-pocket.de;eth-pocket.eu;ethereum-pocket.de;ethereum-pocket.eu;ethtrader.de;eu.sushipool.com;f1tbit.com;flnqmin.org;freecontent.bid;freecontent.date;freecontent.loan;freecontent.racing;freecontent.stream;freecontent.win;gnrdomimplementation.com;graftpool.ovh;greenindex.dynamic-dns.net;gustaver.ddns.net;hashrefinery;hashvault.pro;herphemiste.com;hide.ovh;hk.rs;hlpidkr.ru;hodlers.party;hodling.faith;hostingcloud.win;hrfziiddxa.ru;ihdvilappuxpgiv.ru;imhvlhaelvvbrq.ru;insdrbot.com;irrrymucwxjl.ru;istlandoll.com;ivuovhsn.ru;iwanttoearn.money;ixvenhgwukn.ru;jqassets.download;jqr-cdn.download;jqrcdn.download;jquerrycdn.download;jqwww.download;jqxrrygqnagn.ru;jscoinminer.com;jwduahujge.ru;ksimdw.ru;l33tsite.info;laferia.cr;ledhenone.com;ltstyov.ru;mepirtedic.com;mine.bz;minercircle.com;minercry.pt;minergate;minero.cc;miners.pro;minescripts.info;mininghub.club;miningpoolhubcoins;minr.pw;mixpools.org;mmc.center;mollnia.com;monerise.com;monero.lindon-pool.win;monero;moriaxmr.com;munero.me;mxcdn1.now.sh;mxcdn2.now.sh;myadstats.com;mypool.online;nablabee.com;nanopool.org;nathetsof.com;nicehash;nimiqpool.com;nimpool.io;node.philpool.
com;npcdn1.now.sh;nunu-001.now.sh;ogondkskyahxa.ru;ogrid.org;oinkinns.tk;olecintri.com;omine.org;onvid.club;open-hive-server-1.pp.ua;oxwwoeukjispema.ru;pcejuyhjucmkiny.ru;pool.nimiq.watch;pool.nimiqchain.info;pool.porkypool.com;pool.xmr;poolto.be;prohash.net;prohash;proj2018.xyz;pzoifaum.info;ratchetmining.com;realnetwrk.com;reauthenticator.com;rove.cl;ruvuryua.ru;s7ven.com;scaleway.ovh;sentemanactri.com;sickrage.ca/ch;sighash.info;slushpool;soodatmish.com;sparechange.io;statdynamic.com;stati.bid;staticsfs.host;streamplay.to;supportxmr;suprnova.cc;svivqrhrh.ru;sxcdn02.now.sh;sxcdn3.now.sh;sxcdn4.now.sh;sxcdn6.now.sh;synconnector.com;teracycle.net;tercabilis.info;thelifeisbinary.ddns.net;thersprens.com;torrent.pw;ulnawoyyzbljc.ru;unrummaged.com;uoldid.ru;usxmrpool;viaxmr.com;vpzccwpyilvoyg.ru;vzzexalcirfgrf.ru;wbmwss.beetv.net;webmine.cz;webmine.pro;webminepool.tk;webminerpool.com;webwidgetz.duckdns.org;wmemsnhgldd.ru;wmtech.website;wmwmwwfmkvucbln.ru;wrxgandsfcz.ru;xmrm.pw;xmrminingproxy.com;xmrpool;yiimp;yuyyio.com;zavzlen.ru;zergpool;zergpoolcoins;ziykrgc.ru;zlx.com.br;zpool
C:\Windows\system32\svchost.exe
3389
22
21
5985
false
C:\Windows\system32\svchost.exe
true
135
445
5985
System
svchost.exe
445
System
svchost.exe;lsass.exe
389
C:\Windows\System32\lsass.exe
389
127.0.0.1;0:0:0:0:0:0:0:1;fe80:0
EXCH
127.0.0.1;0:0:0:0:0:0:0:1;fe80:0
false
notepad.exe
127.0.0.1
\iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;\opera.exe
80
443
true
github
githubusercontent.com
dropboxapi.com
\Dropbox\Client\Dropbox.exe;\Dropbox\bin\Dropbox.exe;\Oracle\Java\
1drv
C:\Program Files\Microsoft OneDrive\OneDrive.exe;\AppData\Local\Microsoft\OneDrive\OneDrive.exe;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe;\Internet Explorer\iexplore.exe;C:\Windows\System32\AppHostRegistrationVerifier.exe;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe;C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe;C:\Program Files\Mozilla Firefox\firefox.exe
.box.com;upload
mega.nz;mega.co.nz
privatlab.com
tiktok;parler.com;gab.com;mewe.com;4chan;8chan;facebook;fbcdn;twitter;instagram;snapchat
efnet;undernet;freenode;ircnet;.rizon;quakenet;oftc.net;dalnet
.slack.com;discord.;telegram.;rocketchat.;mattermost.;flock.com
apache.exe
java.exe
w3wp.exe
\php-cgi.exe;\php.exe
setup
tomcat
unins
unknown process
explorer.exe
inetinfo.exe
netcat.exe;nc.exe;nc64.exe;ncat.exe
procdump
psexe
vnc;vncs;vncv
rcpping;tcpping;tcping;routerscan;grabff;Port-Scan;netscan;\nmap;ipscan;nacmdline.exe;advanced_port_scanner.exe;rcpping.exe;nmap.exe;zenmap.exe;advanced_ip_scanner.exe
0
5985
5986
1293
1701
1194
3540
3389
22
1080
3128
8080
1723
23
4500
9001
9030
5900
5800
0
80
443
636
5900
443
\iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;\opera.exe
80
true
\iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;C:\Program Files\Cavelo\Cavelo Agent\cavelo_windows_amd64.exe;C:\PROGRA~2\BEANYW~1\GETSUP~1\TCIntegratorCommHelper.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe;C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe
https
true
\iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe
http
true
\iexplore.exe;\chrome.exe;\firefox.exe;\MicrosoftEdge;browser_broker.exe;\vivaldi.exe;\brave.exe;\opera.exe
443
true
afraid.org;duckdns.org;changeip.com;ddns.net;hopto.org;zapto.org;servehttp.com;sytes.net;whoer.net;bravica.net;ip.webmasterhome.cn;whatsmyip.us;myip.kz;ip-addr.es;curlmyip;anysrc.net;anysrc.net;dlinkddns.com;no-ip.com;no-ip.org;no-ip.biz;no-ip.info;noip.com
udp
System;svchost.exe;oracle.exe;apache.exe;java.exe;php-cgi.exe;w3wp.exe;httpd;ServerManager.exe;unknown process;sql;wscript;cscript;schtasks;at.exe;reg.exe;C:\Windows\System32\find.exe
127.0.0.1;0:0:0:0:0:0:0:1
127.0.0.1;0:0:0:0:0:0:0:1
C:\Windows\System32\lsass.exe
88
epmap
llmnr
microsoft-ds
netbios-dgm
ntp
ssdp
epmap
llmnr
microsoft-ds
netbios-dgm
ntp
ssdp
53
67
68
1434
1812
3544
3702
5228
5353
5357
5989
6007
49154
49209
52176
59241
53
67
68
1812
3702
6007
49154
49209
50646
52176
59241
.bing.com
.cloudapp.net
.lync.com
.microsoft.com
.outlook.com
.search.msn.com
.wns.windows.com
aps.windows.com
arc.msn.com.nsatc.net
arc.msn.com
atson.telemetry.microsoft.com
au.download.windowsupdate.com
b.akamaiedge.net
bingforbusiness.com
client-office365-tas.msedge.net
config.edge.skype.com
csp.digicert.com
ctldl.windowsupdate.com
cy2.licensing.md.mp.microsoft.com.akadns.net
cy2.settings.data.microsoft.com.akadns.net
displaycatalog.mp.microsoft.com
download.windowsupdate.com
e-msedge.net
e3.delivery.dsp.mp.microsoft.com.nsatc.net
emdl.ws.microsoft.com
ettings-win.data.microsoft.com
fe2.update.microsoft.com
fe3.delivery.dsp.mp.microsoft.com.nsatc.net
fe3.delivery.mp.microsoft.com
g.akamaiedge.net
g.live.com
g.msn.com.nsatc.net
geo-prod.do.dsp.mp.microsoft.com
geo-prod.dodsp.mp.microsoft.com.nsatc.net
ile-service.weather.microsoft.com
ip5.afdorigin-prod-am02.afdogw.com
ipv4.login.msa.akadns6.net
licensing.mp.microsoft.com
m3p.wns.notify.windows.com.akadns.net
microsoft.com.akadns.net
microsoft.com.nsatc.net
microsoft.com
modern.watson.data.microsoft.com.akadns.net
msedge.net
msn.com.nsatc.net
msn.com
ocation-inference-westus.cloudapp.net
ocos-office365-s2s.msedge.net
ocsp.digicert.com
odern.watson.data.microsoft.com.akadns.net
oneclient.sfx.ms
pv4.login.msa.akadns6.net
query.prod.cms.rt.microsoft.com
ris.api.iris.microsoft.com.akadns.net
ris.api.iris.microsoft.com
s-msedge.net
settings.data.microsoft.com
sfe.trafficshaping.dsp.mp.microsoft.com
sls.update.microsoft.com
storecatalogrevocation.storequality.microsoft.com
storeedgefd.dsx.mp.microsoft.com
telecommand.telemetry.microsoft.com.akadns.net
tile-service.weather.microsoft.com
tlu.dl.delivery.mp.microsoft.com
tsfe.trafficshaping.dsp.mp.microsoft.com
vip5.afdorigin-prod-am02.afdogw.com
vip5.afdorigin-prod-ch02.afdogw.com
virtualearth.net
windows.net
windowsupdate.com
y2.displaycatalog.md.mp.microsoft.com.akadns.net
y2.licensing.md.mp.microsoft.com.akadns.net
y2.settings.data.microsoft.com.akadns.net
EdgeTransport.exe
MSExchangeDelivery.exe
MSExchangeFrontendTransport.exe
MSExchangeHMWorker.exe
MSExchangeSubmission.exe
\
C:\Program Files (x86)\Kaspersky Lab
C:\Program Files\Kaspersky Lab
C:\Program Files (x86)\ESET
C:\Program Files\ESET
C:\Program Files\SentinelOne
C:\Windows\
\System32\;Syswow64;sysmon.exe;sysmon64.exe
C:\Windows\system32\
config\systemprofile\
C:\Windows\sysmon.exe;C:\Windows\sysmon64.exe
A:\;B:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;M:\;N:\;O:\;P:\;Q:\;R:\;S:\;T:\;U:\;V:\;W:\;X:\;Y:\;Z:\;AA:\;BB:\;CC:\;DD:\;EE:\;FF:\;GG:\;HH:\;II:\;JJ:\;KK:\;LL:\;MM:\;NN:\;OO:\;PP:\;QQ:\;RR:\;SS:\;TT:\;UU:\;VV:\;WW:\;XX:\;YY;ZZ:\
:\PROGRA~
:\Program Files
:\Program Files
:\Program Files
:\ProgramData\
:\Users\
:\Windows\
:\inetpub\
:\$SysReset
:\$WinREAgent
:\inetpub\
\
C:\Users\
C:\ProgramData\
C:\ProgramData\sysmon\sysmon64.exe;C:\ProgramData\sysmon\sysmon.exe;C:\ProgramData\Cavelo\jre\bin\java.exe
C:\Program Files;C:\PROGRA~
C:\Program Files\SentinelOne\
C:\Program Files (x86)\N-Able Technologies\AutomationManagerEngine\2.70.0.4\AutomationManager.ScriptRunner64.exe;C:\PROGRA~2\BEANYW~1\GETSUP~1\TCIntegratorCommHelper.exe;C:\Program Files\Cavelo\Cavelo Agent\osqueryi.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\NASafeExec.exe
C:\inetpub\
$RECYCLE.BIN
packetbeat.exe;metricbeat.exe;filebeat.exe;winlogbeat.exe;o365beat.exe;graylog-sidecar.exe;graylog-collector-sidecar.exe;splunkd.exe;splunk.exe;syslogng.exe;syslog-ng.exe;nxlog-processor.exe;snarecore.exe;fluentd;td-agent;lpagent.exe
C:\Windows\system32\config\systemprofile\
C:\Windows\sysWOW64\config\systemprofile\
\Temp\
C:\Users\
Microsoft\Teams\current\Teams.exe
\git.exe
Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
C:\ProgramData\Lenovo\ImController\
56ceb6d0011d87b6e4d7023d7ef85676;4f2eb62fa529c0283b28d05ddd311fae;b91ce2fa41029f6955bff20079468448;b91ce2fa41029f6955bff20079468448;846e27a652a5e1bfbd0ddd38a16dc865;2c4a910a1299cdae2a4e55988a2f102e
0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5;c948ae14761095e4d76b55d9de86412258be7afd;c996d7971c49252c582171d9380360f2;ddbf5ecca5c8086afde1fb4f551e9e6400e94f4428fe7fb5559da5cffa654cc1;10b30bdee43b3a2ec4aa63375577ade650269d25;d2fd132ab7bbc6bbb87a84f026fa0244
DumpExt.dll
mimidrv
lsremora
wceaux.dll
npcap
\Temp
:\Users
ChongKim Chan
?
Revoked
Unavailable
Valid
false
SHA1=2261198385d62d2117f50f631652eded0ecc71db
SHA1=8db869c0674221a2d3280143cbb0807fac08e0cc
SHA1=27d3ebea7655a72e6e8b95053753a25db944ec0f
SHA1=33cdab3bbc8b3adce4067a1b042778607dce2acd
SHA1=21e6c104fe9731c874fab5c9560c929b2857b918
SHA1=d979353d04bf65cc92ad3412605bc81edbb75ec2
SHA1=2f991435a6f58e25c103a657d24ed892b99690b8
SHA1=f02af84393e9627ba808d4159841854a6601cf80
SHA1=bb962c9a8dda93e94fef504c4159de881e4706fe
SHA1=b97a8d506be2e7eaa4385f70c009b22adbd071ba
SHA1=92f251358b3fe86fd5e7aa9b17330afa0d64a705
SHA1=8b6aa5b2bff44766ef7afbe095966a71bc4183fa
SHA1=af6e1f2cfb230907476e8b2d676129b6d6657124
SHA1=fcde5275ee1913509927ce5f0f85e6681064c9d2
SHA1=00a442a4305c62cefa8105c0b4c4a9a5f4d1e93b
SHA1=6523b3fd87de39eb5db1332e4523ce99556077dc
SHA1=72966ca845759d239d09da0de7eebe3abe86fee3
SHA1=57511ef5ff8162a9d793071b5bf7ebe8371759de
SHA1=2d503a2457a787014a1fdd48a2ece2e6cbe98ea7
SHA1=400f833dcc2ef0a122dd0e0b1ec4ec929340d90e
SHA1=89cd760e8cb19d29ee08c430fb17a5fd4455c741
SHA1=1d0df45ee3fa758f0470e055915004e6eae54c95
SHA1=d5fd9fe10405c4f90235e583526164cd0902ed86
SHA1=c52cef5b9e1d4a78431b7af56a6fdb6aa1bcad65
SHA1=609fa1efcf61e26d64a5ceb13b044175ab2b3a13
SHA1=7d7c03e22049a725ace2a9812c72b53a66c2548b
SHA1=f9519d033d75e1ab6b82b2e156eafe9607edbcfb
SHA1=468e2e5505a3d924b14fedee4ddf240d09393776
SHA1=2e3de9bff43d7712707ef8a0b10f7e4ad8427fd8
SHA1=c9cbfdd0be7b35751a017ec59ff7237ffdc4df1f
SHA1=078ae07dec258db4376d5a2a05b9b508d68c0123
SHA1=623cd2abef6c92255f79cbbd3309cb59176771da
SHA1=1f3a9265963b660392c4053329eb9436deeed339
SHA1=4a235f0b84ff615e2879fa9e0ec0d745fcfdaa5c
SHA1=ace6b9e34e3e2e73fe584f3bbdb4e4ec106e0a7d
SHA1=4268f30b79ce125a81d0d588bef0d4e2ad409bbb
SHA1=c834c4931b074665d56ccab437dfcc326649d612
SHA1=8f5cd4a56e6e15935491aa40adb1ecad61eafe7c
SHA1=51b60eaa228458dee605430aae1bc26f3fc62325
SHA1=3270720a066492b046d7180ca6e60602c764cac7
SHA1=2a6e6bd51c7062ad24c02a4d2c1b5e948908d131
SHA1=19bd488fe54b011f387e8c5d202a70019a204adf
SHA1=a6fe4f30ca7cb94d74bc6d42cdd09a136056952e
SHA1=ea877092d57373cb466b44e7dbcad4ce9a547344
SHA1=205c69f078a563f54f4c0da2d02a25e284370251
SHA1=f9feb60b23ca69072ce42264cd821fe588a186a6
SHA1=b25170e09c9fb7c0599bfba3cf617187f6a733ac
SHA1=160c96b5e5db8c96b821895582b501e3c2d5d6e7
SHA1=a2e0b3162cfa336cd4ab40a2acc95abe7dc53843
SHA1=4e826430a1389032f3fe06e2cc292f643fb0c417
SHA1=7ab4565ba24268f0adadb03a5506d4eb1dc7c181
SHA1=dc7b022f8bd149efbcb2204a48dce75c72633526
SHA1=0307d76750dd98d707c699aee3b626643afb6936
SHA1=5711c88e9e64e45b8fc4b90ab6f2dd6437dc5a8a
SHA1=6714380bc0b8ab09b9a0d2fa66d1b025b646b946
SHA1=8626ab1da6bfbdf61bd327eb944b39fd9df33d1d
SHA1=30a224b22592d952fbe2e6ad97eda4a8f2c734e0
SHA1=c95db1e82619fb16f8eec9a8209b7b0e853a4ebe
SHA1=fe1d909ab38de1389a2a48352fd1c8415fd2eab0
SHA1=b4d1554ec19504215d27de0758e13c35ddd6db3e
SHA1=5dd2c31c4357a8b76db095364952b3d0e3935e1d
SHA1=ecb4d096a9c58643b02f328d2c7742a38e017cf0
SHA1=4a705af959af61bad48ef7579f839cb5ebd654d2
SHA1=d2e6fc9259420f0c9b6b1769be3b1f63eb36dc57
SHA1=c948ae14761095e4d76b55d9de86412258be7afd
SHA1=ddbe809b731a0962e404a045ab9e65a0b64917ad
SHA1=745bad097052134548fe159f158c04be5616afc2
SHA1=8d59fd14a445c8f3f0f7991fa6cd717d466b3754
SHA1=2dfcb799b3c42ecb0472e27c19b24ac7532775ce
SHA1=cc51be79ae56bc97211f6b73cc905c3492da8f9d
SHA1=ac13941f436139b909d105ad55637e1308f49d9a
SHA1=2b0bb408ff0e66bcdf6574f1ca52cbf4015b257b
SHA1=cc0e0440adc058615e31e8a52372abadf658e6b1
SHA1=5520ac25d81550a255dc16a0bb89d4b275f6f809
SHA1=6afc6b04cf73dd461e4a4956365f25c1f1162387
SHA1=4b009e91bae8d27b160dc195f10c095f8a2441e1
SHA1=6003184788cd3d2fc624ca801df291ccc4e225ee
SHA1=0466e90bf0e83b776ca8716e01d35a8a2e5f96d3
SHA1=e6305dddd06490d7f87e3b06d09e9d4c1c643af0
SHA1=89909fa481ff67d7449ee90d24c167b17b0612f1
SHA1=d7e8aef8c8feb87ce722c0b9abf34a7e6bab6eb4
SHA1=5e6ddd2b39a3de0016385cbd7aa50e49451e376d
SHA1=976777d39d73034df6b113dfce1aa6e1d00ffcfd
SHA1=9c6749fc6c1127f8788bff70e0ce9062959637c9
SHA1=53acd4d9e7ba0b1056cf52af0d191f226eddf312
SHA1=3abb9d0a9d600200ae19c706e570465ef0a15643
SHA1=27eab595ec403580236e04101172247c4f5d5426
SHA1=78b9481607ca6f3a80b4515c432ddfe6550b18a8
SHA1=414cd15d6c991d19fb5be02e3b9fb0e6c5ce731c
SHA1=d9c09dd725bc7bc3c19b4db37866015817a516ef
SHA1=9c256edd10823ca76c0443a330e523027b70522d
SHA1=35829e096a15e559fcbabf3441d99e580ca3b26e
SHA1=b8de3a1aeeda9deea43e3f768071125851c85bd0
SHA1=054a50293c7b4eea064c91ef59cf120d8100f237
SHA1=d94f2fb3198e14bfe69b44fb9f00f2551f7248b2
SHA1=01a578a3a39697c4de8e3dab04dba55a4c35163e
SHA1=14bf0eaa90e012169745b3e30c281a327751e316
SHA1=f50c6b84dfb8f2d53ba3bce000a55f0a486c0e79
SHA1=6100eb82a25d64a7a7702e94c2b21333bc15bd08
SHA1=bf87e32a651bdfd9b9244a8cf24fca0e459eb614
SHA1=28b1c0b91eb6afd2d26b239c9f93beb053867a1a
SHA1=879fcc6795cebe67718388228e715c470de87dca
SHA1=1f7501e01d84a2297c85cb39880ec4e40ac3fe8a
SHA1=152b6bb9ffd2ffec00cc46f5c6e29362d0e66e67
SHA1=5f8356ffa8201f338dd2ea979eb47881a6db9f03
SHA1=a7bd05de737f8ea57857f1e0845a25677df01872
SHA1=cce9b82f01ec68f450f5fe4312f40d929c6a506e
SHA1=e35a2b009d54e1a0b231d8a276251f64231b66a3
SHA1=37364cb5f5cefd68e5eca56f95c0ab4aff43afcc
SHA1=d62fa51e520022483bdc5847141658de689c0c29
SHA1=93aa3bb934b74160446df3a47fa085fd7f3a6be9
SHA1=ec4cc6de4c779bb1ca1dd32ee3a03f7e8d633a9b
SHA1=35f1ba60ba0da8512a0b1b15ee8e30fe240d77cd
SHA1=3805e4e08ad342d224973ecdade8b00c40ed31be
SHA1=65d8a7c2e867b22d1c14592b020c548dd0665646
SHA1=c8d87f3cd34c572870e63a696cf771580e6ea81b
SHA1=c4d7fb9db3c3459f7e8c0e3d48c95c7c9c4cff60
SHA1=d34a7c497c603f3f7fcad546dc4097c2da17c430
SHA1=1fd7f881ea4a1dbb5c9aeb9e7ad659a85421745b
SHA1=0b8b83f245d94107cb802a285e6529161d9a834d
SHA1=c969f1f73922fd95db1992a5b552fbc488366a40
SHA1=ac600a2bc06b312d92e649b7b55e3e91e9d63451
SHA1=da9cea92f996f938f699902482ac5313d5e8b28e
SHA1=33285b2e97a0aeb317166cce91f6733cf9c1ad53
SHA1=21edff2937eb5cd6f6b0acb7ee5247681f624260
SHA1=f052dc35b74a1a6246842fbb35eb481577537826
SHA1=f0c463d29a5914b01e4607889094f1b7d95e7aaf
SHA1=0c26ab1299adcd9a385b541ef1653728270aa23e
SHA1=f36a47edfacd85e0c6d4d22133dd386aee4eec15
SHA1=460008b1ffd31792a6deadfa6280fb2a30c8a5d2
SHA1=738b7918d85e5cb4395df9e3f6fc94ddad90e939
SHA1=43419df1f9a07430a18c5f3b3cc74de621be0f8e
SHA1=558aad879b6a47d94a968f39d0a4e3a3aaef1ef1
SHA1=7fb52290883a6b69a96d480f2867643396727e83
SHA1=f5696fb352a3fbd14fb1a89ad21a71776027f9ab
SHA1=693a2645c28fc3b248fda95179c36c3ac64f6fc2
SHA1=05c0c49e8bcf11b883d41441ce87a2ee7a3aba1d
SHA1=d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA1=7c1b25518dee1e30b5a6eaa1ea8e4a3780c24d0c
SHA1=fe10018af723986db50701c8532df5ed98b17c39
SHA1=bfe55cacc7c56c9f7bd75bdb4b352c0b745d071b
SHA1=a21c84c6bf2e21d69fa06daaf19b4cc34b589347
SHA1=82ba5513c33e056c3f54152c8555abf555f3e745
SHA1=d098600152e5ee6a8238d414d2a77a34da8afaaa
SHA1=64e4ac8b9ea2f050933b7ec76a55dd04e97773b4
SHA1=bbc1e5fd826961d93b76abd161314cb3592c4436
SHA1=90a76945fd2fa45fab2b7bcfdaf6563595f94891
SHA1=b03b1996a40bfea72e4584b82f6b845c503a9748
SHA1=c771ea59f075170e952c393cfd6fc784b265027c
SHA1=cb44c6f0ee51cb4c5836499bc61dd6c1fbdf8aa1
SHA1=0918277fcdc64a9dc51c04324377b3468fa1269b
SHA1=b09bcc042d60d2f4c0d08284818ed198cededa04
SHA1=8dc2097a90eb7e9d6ee31a7c7a95e7a0b2093b89
SHA1=15df139494d2c40a645fb010908551185c27f3c5
SHA1=012db3a80faf1f7f727b538cbe5d94064e7159de
SHA1=d04e5db5b6c848a29732bfd52029001f23c3da75
SHA1=490109fa6739f114651f4199196c5121d1c6bdf2
SHA1=b4d014b5edd6e19ce0e8395a64faedf49688ecb5
SHA1=a87d6eac2d70a3fbc04e59412326b28001c179de
SHA1=3f223581409492172a1e875f130f3485b90fbe5f
SHA1=5db61d00a001fd493591dc919f69b14713889fc5
SHA1=9923c8f1e565a05b3c738d283cf5c0ed61a0b90f
SHA1=15d1a6a904c8409fb47a82aefa42f8c3c7d8c370
SHA1=9d07df024ec457168bf0be7e0009619f6ac4f13c
SHA1=9a35ae9a1f95ce4be64adc604c80079173e4a676
SHA1=c6bd965300f07012d1b651a9b8776028c45b149a
SHA1=e83458c4a6383223759cd8024e60c17be4e7c85f
SHA1=cb3de54667548a5c9abf5d8fa47db4097fcee9f1
SHA1=9c24dd75e4074041dbe03bf21f050c77d748b8e9
SHA1=dc55217b6043d819eadebd423ff07704ee103231
SHA1=e92817a8744ebc4e4fa5383cdce2b2977f01ecd4
SHA1=dc0e97adb756c0f30b41840a59b85218cbdd198f
SHA1=26c4a7b392d7e7bd7f0a2a758534e45c0d9a56ab
SHA1=d0d39e1061f30946141b6ecfa0957f8cc3ddeb63
SHA1=c6d349823bbb1f5b44bae91357895dba653c5861
SHA1=f42f28d164205d9f6dab9317c9fecad54c38d5d2
SHA1=bbc0b9fd67c8f4cefa3d76fcb29ff3cef996b825
SHA1=8183a341ba6c3ce1948bf9be49ab5320e0ee324d
SHA1=eb1ecad3d37bb980f908bf1a912415cff32e79e6
SHA1=eb0d45aa6f537f5b2f90f3ad99013606eafcd162
SHA1=6053d258096bccb07cb0057d700fe05233ab1fbb
SHA1=29a190727140f40cea9514a6420f5a195e36386b
SHA1=a4b2c56c12799855162ca3b004b4b2078c6ecf77
SHA1=7667b72471689151e176baeba4e1cd9cd006a09a
SHA1=d7f7594ff084201c0d9fa2f4ef1626635b67bce5
SHA1=99201c9555e5faf6e8d82da793b148311f8aa4b8
SHA1=947db58d6f36a8df9fa2a1057f3a7f653ccbc42e
SHA1=6a3d3b9ab3d201cd6b0316a7f9c3fb4d34d0f403
SHA1=d702d88b12233be9413446c445f22fda4a92a1d9
SHA1=910cb12aa49e9f35ecc4907e8304adf0dcca8cf1
SHA1=643383938d5e0d4fd30d302af3e9293a4798e392
SHA1=c4ed28fdfba7b8a8dfe39e591006f25d39990f07
SHA1=b0032b8d8e6f4bd19a31619ce38d8e010f29a816
SHA1=db6245578ec57bd767b27ecf8085095e1c8e5a6e
SHA1=166759fd511613414d3213942fe2575b926a6226
SHA1=02a8b74899591da7b7f49c0450328d39b939d7e4
SHA1=98ceed786f79288becc08c3b82c57e8d4bfa1bca
SHA1=f6b3577ea4b1a5641ae3421151a26268434c3db8
SHA1=4de33d03fee52f396a1c788000ca868d56ac30de
SHA1=c6920171fa6dff2c17eb83befb5fd28e8dddf5f0
SHA1=fbc6d2448739ddec35bb5d6c94b46df4148f648d
SHA1=6b54f8f137778c1391285fee6150dfa58a8120b1
SHA1=943593e880b4d340f2548548e6e673ef6f61eed3
SHA1=5ac4d0e2381fc4a8aebe94a0fb6fe5e7558e4dcd
SHA1=e44297a2b750ec1958bef265e2f1ae6fa4323b28
SHA1=aa2ea973bb248b18973e57339307cfb8d309f687
SHA1=3a5d176c50f97b71d139767ed795d178623f491d
SHA1=25d812a5ece19ea375178ef9d60415841087726e
SHA1=3795e32592ab6d8074b6f7ad33759c6a39b0df07
SHA1=fc121ed6fb37e97a004b6faf217435b772dfc4c0
SHA1=ab2b8602e4baef828b58b995d0889a8e5b8dbd02
SHA1=cf040040628b58f4a811f98c2690913c1e8e4e3c
SHA1=3296844d22c87dd5eba3aa378a8242b41d59db7a
SHA1=bc47e15537fa7c32dfefd23168d7e1741f8477ed
SHA1=cb22723faa5ae2809476e5c5e9b9a597b26cab9b
SHA1=f3c5e723ae009b336cd2719137b8cd194c9ee51d
SHA1=41f2d0f9863bce8920c207b1ef5d3d32b603edef
SHA1=eb93d2f564fea9b3dc350f386b45de2cd9a3e001
SHA1=3cd037fbba8aae82c1b111c9f8755349c98bcb3c
SHA1=9401389fba314d1810f83edce33c37e84a78e112
SHA1=7eb34cc1fcffb4fdb5cb7e97184dd64a65cb9371
SHA1=16d7ecf09fc98798a6170e4cef2745e0bee3f5c7
SHA1=fcd615df88645d1f57ff5702bd6758b77efea6d0
SHA1=f3db629cfe37a73144d5258e64d9dd8b38084cf4
SHA1=a00e444120449e35641d58e62ed64bb9c9f518d2
SHA1=38571f14fc014487194d1eecfa80561ee8644e09
SHA1=4d41248078181c7f61e6e4906aa96bbdea320dc2
SHA1=3599ea2ac1fa78f423423a4cf90106ea0938dde8
SHA1=3d6d53b0f1cc908b898610227b9f1b9352137aba
SHA1=4c18754dca481f107f0923fb8ef5e149d128525d
SHA1=8c377ab4eebc5f4d8dd7bb3f90c0187dfdd3349f
SHA1=cde32654a041fedc7b0fa1083f6005b950760062
SHA1=5fb9421be8a8b08ec395d05e00fd45eb753b593a
SHA1=b480c54391a2a2f917a44f91a5e9e4590648b332
SHA1=4f7a8e26a97980544be634b26899afbefb0a833c
SHA256=05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748
SHA256=4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA
SHA256=6948480954137987A0BE626C24CF594390960242CD75F094CD6AAA5C2E7A54FA
SHA256=8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F
SHA256=B1D96233235A62DBB21B8DBE2D1AE333199669F67664B107BFF1AD49B41D9414
SHA256=7196187FB1EF8D108B380D37B2AF8EFDEB3CA1F6EEFD37B5DC114C609147216D
SHA256=7F375639A0DF7FE51E5518CF87C3F513C55BC117DB47D28DA8C615642EB18BFA
SHA256=42579A759F3F95F20A2C51D5AC2047A2662A2675B3FB9F46C1ED7F23393A0F00
SHA256=2DA330A2088409EFC351118445A824F11EDBE51CF3D653B298053785097FE40E
SHA256=436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7
SHA256=B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602
SHA256=DDE6F28B3F7F2ABBEE59D4864435108791631E9CB4CDFB1F178E5AA9859956D8
SHA256=B48A309EE0960DA3CAAAAF1E794E8C409993AEB3A2B64809F36B97AAC8A1E62A
SHA256=025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4
SHA256=2AA1B08F47FBB1E2BD2E4A492F5D616968E703E1359A921F62B38B8E4662F0C4
SHA256=ECE0A900EA089E730741499614C0917432246CEB5E11599EE3A1BB679E24FD2C
SHA256=F40435488389B4FB3B945CA21A8325A51E1B5F80F045AB019748D0EC66056A8B
SHA256=2A652DE6B680D5AD92376AD323021850DAB2C653ABF06EDF26120F7714B8E08A
SHA256=950A4C0C772021CEE26011A92194F0E58D61588F77F2873AA0599DFF52A160C9
SHA256=0AAFA9F47ACF69D46C9542985994FF5321F00842A28DF2396D4A3076776A83CB
SHA256=47F08F7D30D824A8F4BB8A98916401A37C0FD8502DB308ABA91FE3112B892DCC
SHA256=B9A4E40A5D80FEDD1037EAED958F9F9EFED41EB01ADA73D51B5DCD86E27E0CBF
SHA256=5C04C274A708C9A7D993E33BE3EA9E6119DC29527A767410DBAF93996F87369A
SHA256=0040153302B88BEE27EB4F1ECA6855039E1A057370F5E8C615724FA5215BADA3
SHA256=3326E2D32BBABD69FEB6024809AFC56C7E39241EBE70A53728C77E80995422A5
SHA256=36B9E31240AB0341873C7092B63E2E0F2CAB2962EBF9B25271C3A1216B7669EB
SHA256=29E0062A017A93B2F2F5207A608A96DF4D554C5DE976BD0276C2590A03BD3E94
SHA256=45ABDBCD4C0916B7D9FAAF1CD08543A3A5178871074628E0126A6EDA890D26E0
SHA256=50DB5480D0392A7DD6AB5DF98389DC24D1ED1E9C98C9C35964B19DABCD6DC67F
SHA256=607DC4C75AC7AEF82AE0616A453866B3B358C6CF5C8F9D29E4D37F844306B97C
SHA256=61D6E40601FA368800980801A662A5B3B36E3C23296E8AE1C85726A56EF18CC8
SHA256=74A846C61ADC53692D3040AFF4C1916F32987AD72B07FE226E9E7DBEFF1036C4
SHA256=76FB4DEAEE57EF30E56C382C92ABFFE2CF616D08DBECB3368C8EE6B02E59F303
SHA256=81939E5C12BD627FF268E9887D6FB57E95E6049F28921F3437898757E7F21469
SHA256=9790A7B9D624B2B18768BB655DDA4A05A9929633CEF0B1521E79E40D7DE0A05B
SHA256=9A1D66036B0868BBB1B2823209FEDEA61A301D5DD245F8E7D390BD31E52D663E
SHA256=AA9AB1195DC866270E984F1BED5E1358D6EF24C515DFDB6C2A92D1E1B94BF608
SHA256=AF095DE15A16255CA1B2C27DAD365DFF9AC32D2A75E8E288F5A1307680781685
SHA256=D5586DC1E61796A9AE5E5D1CED397874753056C3DF2EB963A8916287E1929A71
SHA256=D8459F7D707C635E2C04D6D6D47B63F73BA3F6629702C7A6E0DF0462F6478AE2
SHA256=E81230217988F3E7EC6F89A06D231EC66039BDBA340FD8EBB2BBB586506E3293
SHA256=F88EBB633406A086D9CCA6BC8B66A4EA940C5476529F9033A9E0463512A23A57
SHA256=1C8DFA14888BB58848B4792FB1D8A921976A9463BE8334CFF45CC96F1276049A
SHA256=22418016E980E0A4A2D01CA210A17059916A4208352C1018B0079CCB19AAF86A
SHA256=405472A8F9400A54BB29D03B436CCD58CFD6442FE686F6D2ED4F63F002854659
SHA256=49F75746EEBE14E5DB11706B3E58ACCC62D4034D2F1C05C681ECEF5D1AD933BA
SHA256=4A3D4DB86F580B1680D6454BAEE1C1A139E2DDE7D55E972BA7C92EC3F555DCE2
SHA256=4AB41816ABBF14D59E75B7FAD49E2CB1C1FEB27A3CB27402297A2A4793FF9DA7
SHA256=54841D9F89E195196E65AA881834804FE3678F1CF6B328CAB8703EDD15E3EC57
SHA256=5EE292B605CD3751A24E5949AAE615D472A3C72688632C3040DC311055B75A92
SHA256=76B86543CE05540048F954FED37BDDA66360C4A3DDB8328213D5AEF7A960C184
SHA256=7F190F6E5AB0EDAFD63391506C2360230AF4C2D56C45FC8996A168A1FC12D457
SHA256=845F1E228DE249FC1DDF8DC28C39D03E8AD328A6277B6502D3932E83B879A65A
SHA256=84BF1D0BCDF175CFE8AEA2973E0373015793D43907410AE97E2071B2C4B8E2D4
SHA256=8EF0AD86500094E8FA3D9E7D53163AA6FEEF67C09575C169873C494ED66F057F
SHA256=A56C2A2425EB3A4260CC7FC5C8D7BED7A3B4CD2AF256185F24471C668853AEE8
SHA256=AC3F613D457FC4D44FA27B2E0B1BAA62C09415705EFB5A40A4756DA39B3AC165
SHA256=B1334A71CC73B3D0C54F62D8011BEC330DFC355A239BF94A121F6E4C86A30A2E
SHA256=B47BE212352D407D0EF7458A7161C66B47C2AEC8391DD101DF11E65728337A6A
SHA256=B9B3878DDC5DFB237D38F8D25067267870AFD67D12A330397A8853209C4D889C
SHA256=DB90E554AD249C2BD888282ECF7D8DA4D1538DD364129A3327B54F8242DD5653
SHA256=E61A54F6D3869B43C4ECEAC3016DF73DF67CCE03878C5A6167166601C5D3F028
SHA256=3871E16758A1778907667F78589359734F7F62F9DC953EC558946DCDBE6951E3
SHA256=DED2927F9A4E64EEFD09D0CABA78E94F309E3A6292841AE81D5528CAB109F95D
SHA256=0296E2CE999E67C76352613A718E11516FE1B0EFC3FFDB8918FC999DD76A73A5
SHA256=80CBBA9F404DF3E642F22C476664D63D7C229D45D34F5CD0E19C65EB41BECEC3
SHA256=BB50818A07B0EB1BD317467139B7EB4BAD6CD89053FECDABFEAE111689825955
SHA256=FF6729518A380BF57F1BC6F1EC0AA7F3012E1618B8D9B0F31A61D299EE2B4339
SHA256=3A5EC83FE670E5E23AEF3AFA0A7241053F5B6BE5E6CA01766D6B5F9177183C25
SHA256=61A1BDDDD3C512E681818DEBB5BEE94DB701768FC25E674FCAD46592A3259BD0
SHA256=07B6D69BAFCFD767F1B63A490A8843C3BB1F8E1BBEA56176109B5743C8F7D357
SHA256=21CCDD306B5183C00ECFD0475B3152E7D94B921E858E59B68A03E925D1715F21
SHA256=2D83CCB1AD9839C9F5B3F10B1F856177DF1594C66CBBC7661677D4B462EBF44D
SHA256=F581DECC2888EF27EE1EA85EA23BBB5FB2FE6A554266FF5A1476ACD1D29D53AF
SHA256=F8965FDCE668692C3785AFA3559159F9A18287BC0D53ABB21902895A8ECF221B
SHA256=3D23BDBAF9905259D858DF5BF991EB23D2DC9F4ECDA7F9F77839691ACEF1B8C4
SHA256=DD4A1253D47DE14EF83F1BC8B40816A86CCF90D1E624C5ADF9203AE9D51D4097
SHA256=509628B6D16D2428031311D7BD2ADD8D5F5160E9ECC0CD909F1E82BBBB3234D6
SHA256=525D9B51A80CA0CD4C5889A96F857E73F3A80DA1FFBAE59851E0F51BDFB0B6CD
SHA256=6DE84CAA2CA18673E01B91AF58220C60AECD5CCCF269725EC3C7F226B2167492
SHA256=09BEDBF7A41E0F8DABE4F41D331DB58373CE15B2E9204540873A1884F38BDDE1
SHA256=101402D4F5D1AE413DED499C78A5FCBBC7E3BAE9B000D64C1DD64E3C48C37558
SHA256=131D5490CEB9A5B2324D8E927FEA5BECFC633015661DE2F4C2F2375A3A3B64C6
SHA256=1DDFE4756F5DB9FB319D6C6DA9C41C588A729D9E7817190B027B38E9C076D219
SHA256=1E8B0C1966E566A523D652E00F7727D8B0663F1DFDCE3B9A09B9ADFAEF48D8EE
SHA256=2BBE65CBEC3BB069E92233924F7EE1F95FFA16173FCEB932C34F68D862781250
SHA256=30706F110725199E338E9CC1C940D9A644D19A14F0EB8847712CBA4CACDA67AB
SHA256=3124B0411B8077605DB2A9B7909D8240E0D554496600E2706E531C93C931E1B5
SHA256=38FA0C663C8689048726666F1C5E019FEAA9DA8278F1DF6FF62DA33961891D2A
SHA256=39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E
SHA256=3D9E83B189FCF5C3541C62D1F54A0DA0A4E5B62C3243D2989AFC46644056C8E3
SHA256=3F2FDA9A7A9C57B7138687BBCE49A2E156D6095DDDABB3454EA09737E02C3FA5
SHA256=47F0CDAA2359A63AD1389EF4A635F1F6EEE1F63BDF6EF177F114BDCDADC2E005
SHA256=50D5EAA168C077CE5B7F15B3F2C43BD2B86B07B1E926C1B332F8CB13BD2E0793
SHA256=56A3C9AC137D862A85B4004F043D46542A1B61C6ACB438098A9640469E2D80E7
SHA256=591BD5E92DFA0117B3DAA29750E73E2DB25BAA717C31217539D30FFB1F7F3A52
SHA256=5D530E111400785D183057113D70623E17AF32931668AB7C7FC826F0FD4F91A3
SHA256=6F1FF29E2E710F6D064DC74E8E011331D807C32CC2A622CBE507FD4B4D43F8F4
SHA256=79E2D37632C417138970B4FEBA91B7E10C2EA251C5EFE3D1FC6FA0190F176B57
SHA256=85866E8C25D82C1EC91D7A8076C7D073CCCF421CF57D9C83D80D63943A4EDD94
SHA256=89B0017BC30CC026E32B758C66A1AF88BD54C6A78E11EC2908FF854E00AC46BE
SHA256=9254F012009D55F555418FF85F7D93B184AB7CB0E37AECDFDAB62CFE94DEA96B
SHA256=984A77E5424C6D099051441005F2938AE92B31B5AD8F6521C6B001932862ADD7
SHA256=98B734DDA78C16EBCAA4AFEB31007926542B63B2F163B2F733FA0D00DBB344D8
SHA256=99F4994A0E5BD1BF6E3F637D3225C69FF4CD620557E23637533E7F18D7D6CBA1
SHA256=9C10E2EC4F9EF591415F9A784B93DC9C9CDAFA7C69602C0DC860C5B62222E449
SHA256=A961F5939088238D76757669A9A81905E33F247C9C635B908DAAC146AE063499
SHA256=A9706E320179993DADE519A83061477ACE195DAA1B788662825484813001F526
SHA256=B7A20B5F15E1871B392782C46EBCC897929443D82073EE4DCB3874B6A5976B5D
SHA256=CC586254E9E89E88334ADEE44E332166119307E79C2F18F6C2AB90CE8BA7FC9B
SHA256=CD4A249C3EF65AF285D0F8F30A8A96E83688486AAB515836318A2559757A89BB
SHA256=CF4B5FA853CE809F1924DF3A3AE3C4E191878C4EA5248D8785DC7E51807A512B
SHA256=D0BD1AE72AEB5F3EABF1531A635F990E5EAAE7FDD560342F915F723766C80889
SHA256=D8B58F6A89A7618558E37AFC360CD772B6731E3BA367F8D58734ECEE2244A530
SHA256=D92EAB70BCECE4432258C9C9A914483A2267F6AB5CE2630048D3A99E8CB1B482
SHA256=E005E8D183E853A27AD3BB56F25489F369C11B0D47E3D4095AAD9291B3343BF1
SHA256=E68D453D333854787F8470C8BAEF3E0D082F26DF5AA19C0493898BCF3401E39A
SHA256=E83908EBA2501A00EF9E74E7D1C8B4FF1279F1CD6051707FD51824F87E4378FA
SHA256=EF86C4E5EE1DBC4F81CD864E8CD2F4A2A85EE4475B9A9AB698A4AE1CC71FBEB0
SHA256=F088B2BA27DACD5C28F8EE428F1350DCA4BC7C6606309C287C801B2E1DA1A53D
SHA256=FD8669794C67B396C12FC5F08E9C004FDF851A82FAF302846878173E4FBECB03
SHA256=91314768DA140999E682D2A290D48B78BB25A35525EA12C1B1F9634D14602B2C
SHA256=F0605DDA1DEF240DC7E14EFA73927D6C6D89988C01EA8647B671667B2B167008
SHA256=6CB51AE871FBD5D07C5AAD6FF8EEA43D34063089528603CA9CEB8B4F52F68DDC
SHA256=DB2A9247177E8CDD50FE9433D066B86FFD2A84301AA6B2EB60F361CFFF077004
SHA256=7EC93F34EB323823EB199FBF8D06219086D517D0E8F4B9E348D7AFD41EC9FD5D
SHA256=7049F3C939EFE76A5556C2A2C04386DB51DAF61D56B679F4868BB0983C996EBB
SHA256=7877C1B0E7429453B750218CA491C2825DAE684AD9616642EFF7B41715C70ACA
SHA256=159E7C5A12157AF92E0D14A0D3EA116F91C09E21A9831486E6DC592C93C10980
SHA256=3243AAB18E273A9B9C4280A57AECEF278E10BFFF19ABB260D7A7820E41739099
SHA256=7CFA5E10DFF8A99A5D544B011F676BC383991274C693E21E3AF40CF6982ADB8C
SHA256=C9B49B52B493B53CD49C12C3FA9553E57C5394555B64E32D1208F5B96A5B8C6E
SHA256=3EC5AD51E6879464DFBCCB9F4ED76C6325056A42548D5994BA869DA9C4C039A8
SHA256=47EAEBC920CCF99E09FC9924FEB6B19B8A28589F52783327067C9B09754B5E84
SHA256=1aaf4c1e3cb6774857e2eef27c17e68dc1ae577112e4769665f516c2e8c4e27b
SHA256=e6056443537d4d2314dabca1b9168f1eaaf17a14eb41f6f5741b6b82b3119790
SHA256=76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22
SHA256=6c7120e40fc850e4715058b233f5ad4527d1084a909114fd6a36b7b7573c4a44
SHA256=2e6b339597a89e875f175023ed952aaac64e9d20d457bbc07acf1586e7fe2df8
SHA256=71fe5af0f1564dc187eea8d59c0fbc897712afa07d18316d2080330ba17cf009
SHA256=39937d239220c1b779d7d55613de2c0a48bd6e12e0214da4c65992b96cf591df
SHA256=7ed26a593524a2a92ffcfb075a42bb4fa4775ffbf83af98525244a4710886ead
SHA256=aa717e9ab4d614497df19f602d289a6eddcdba8027c71bcc807780a219347d16
SHA256=ff5f6048a3d6f6738b60e911e3876fcbdc9a02ec9862f909345c8a50fd4cc0a7
SHA256=11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
SHA256=58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495
SHA256=01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd
SHA256=22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c
SHA256=31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427
SHA256=952199C28332BC90CFD74530A77EE237967ED32B3C71322559C59F7A42187DC4
SHA256=9529EFB1837B1005E5E8F477773752078E0A46500C748BC30C9B5084D04082E6
SHA256=A7B000ABBCC344444A9B00CFADE7AA22AB92CE0CADEC196C30EB1851AE4FA062
SHA256=4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b
SHA256=01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece
SHA256=9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374
SHA256=06bda5a1594f7121acd2efe38ccb617fbc078bb9a70b665a5f5efd70e3013f50
SHA256=cbb8239a765bf5b2c1b6a5c8832d2cab8fef5deacadfb65d8ed43ef56d291ab6
SHA256=d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e
SHA256=a7c2e7910942dd5e43e2f4eb159bcd2b4e71366e34a68109548b9fb12ac0f7cc
SHA256=2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d
SHA256=f929bead59e9424ab90427b379dcdd63fbfe0c4fb5e1792e3a1685541cd5ec65
SHA256=59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347
SHA256=552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9
SHA256=86a8e0aa29a5b52c84921188cc1f0eca9a7904dcfe09544602933d8377720219
SHA256=1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8
SHA256=60c6f4f34c7319cb3f9ca682e59d92711a05a2688badbae4891b1303cd384813
SHA256=55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a
SHA256=42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f
SHA256=bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc
SHA256=b179e1ab6dc0b1aee783adbcad4ad6bb75a8a64cb798f30c0dd2ee8aaf43e6de
SHA256=314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073
SHA256=65db1b259e305a52042e07e111f4fa4af16542c8bacd33655f753ef642228890
SHA256=19a212e6fc324f4cb9ee5eba60f5c1fc0191799a4432265cbeaa3307c76a7fc0
SHA256=a7c8f4faf3cbb088cac7753d81f8ec4c38ccb97cd9da817741f49272e8d01200
SHA256=677c0b1add3990fad51f492553d3533115c50a242a919437ccb145943011d2bf
SHA256=fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2
SHA256=ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173
SHA256=18e1707b319c279c7e0204074088cc39286007a1cf6cb6e269d5067d8d0628c6
SHA256=c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8
SHA256=afdd66562dea51001c3a9de300f91fc3eb965d6848dfce92ccb9b75853e02508
SHA256=a899b659b08fbae30b182443be8ffb6a6471c1d0497b52293061754886a937a3
SHA256=1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52
SHA256=7133a461aeb03b4d69d43f3d26cd1a9e3ee01694e97a0645a3d8aa1a44c39129
SHA256=32e1a8513eee746d17eb5402fb9d8ff9507fb6e1238e7ff06f7a5c50ff3df993
SHA256=082c39fe2e3217004206535e271ebd45c11eb072efde4cc9885b25ba5c39f91d
SHA256=65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd
SHA256=f8430bdc6fd01f42217d66d87a3ef6f66cb2700ebb39c4f25c8b851858cc4b35
SHA256=9f1229cd8dd9092c27a01f5d56e3c0d59c2bb9f0139abf042e56f343637fda33
SHA256=b03f26009de2e8eabfcf6152f49b02a55c5e5d0f73e01d48f5a745f93ce93a29
SHA256=3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838
SHA256=3c5bf92c26398695f9ced7ce647a7e9f6ddcc89eea66b45aa3607196a187431b
SHA256=478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82
SHA256=4ed2d2c1b00e87b926fb58b4ea43d2db35e5912975f4400aa7bd9f8c239d08b7
SHA256=b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038
SHA256=ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89
SHA256=73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e
SHA256=87e38e7aeaaaa96efe1a74f59fca8371de93544b7af22862eb0e574cec49c7c3
SHA256=2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6
SHA256=43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89
SHA256=e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf
SHA256=1dadd707c55413a16320dc70d2ca7784b94c6658331a753b3424ae696c5d93ea
SHA256=d84e3e250a86227c64a96f6d5ac2b447674ba93d399160850acb2339da43eae5
SHA256=5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a
SHA256=0f726d8ce21c0c9e01ebe6b55913c519ad6086bcaec1a89f8308f3effacd435f
SHA256=95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3
SHA256=0e14a4401011a9f4e444028ac5b1595da34bbbf9af04a00670f15ff839734003
SHA256=26c86227d3f387897c1efd77dc711eef748eb90be84149cb306e3d4c45cc71c7
SHA256=42d926cfb3794f9b1e3cb397498696cb687f505e15feb9df11b419c49c9af498
SHA256=1684e24dae20ab83ab5462aa1ff6473110ec53f52a32cfb8c1fe95a2642c6d22
SHA256=9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4
SHA256=440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c
SHA256=e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53
SHA256=3a364a7a3f6c0f2f925a060e84fb18b16c118125165b5ea6c94363221dc1b6de
SHA256=fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330
SHA256=3ac5e01689a3d745e60925bc7faca8d4306ae693e803b5e19c94906dc30add46
SHA256=175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347
SHA256=8596ea3952d84eeef8f5dc5b0b83014feb101ec295b2d80910f21508a95aa026
SHA256=52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15
SHA256=543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91
SHA256=e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf
SHA256=1aaa9aef39cb3c0a854ecb4ca7d3b213458f302025e0ec5bfbdef973cca9111c
SHA256=cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64
SHA256=3ed15a390d8dfbd8a8fb99e8367e19bfd1cced0e629dfe43ccdb46c863394b59
SHA256=8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6
SHA256=eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b
SHA256=37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9
SHA256=32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351
SHA256=c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5
SHA256=ff803017d1acafde6149fe7d463aee23b1c4f6f3b97c698c05f3ca6f07e4df6c
SHA256=000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b
SHA256=0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05
SHA256=a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433
msdt.exe
sdiageng.dll
WINWORD.exe;EXCEL.EXE
VBE7.DLL;VBE7INTL.DLL;VBEUI.DLL;wshom.ocx
wbemdisp.dll;wbemcomn.dll;wbemprox.dll;wmiutils.dll;wbemsvc.dll
ntkrnlmp.exe
\spool\drivers\x64\3\;\spool\drivers\W32X86\3\;\spool\drivers\IA64\3\
spoolsv.exe;printisolationhost.exe
Valid
Brother Industries;Canon;Sharp;Microsoft Corporation;DYMO;Euro Plus d.o.o;HP Inc;Hewlett-Packard
C:\Windows\
\Users\Public\;\Desktop\;\Downloads\;\AppData\Local\Temp\;\PerfLogs\;$Recycle;\Fonts\
\Program Files
EQNEDT32.EXE
EQNEDT32.EXE
ACTIVEDS.DLL;Adsldpc.dll;Wldap32.dll;adsldp.dll
C:\Users;\Temp\;\ProgramData\
ConnectWise.exe
\MSP Anywhere for N-central\Viewer\tkcuploader.exe
ACTIVEDS.DLL;Adsldpc.dll;Wldap32.dll;adsldp.dll
\wscript.exe;\cscript.exe;\powershell.exe;\powershell_ise.exe;\rundll32.exe;\msbuild.exe;\csc.exe
6.3.9600.20566 (winblue_ltsb_escrow.220812-1741)
winblue
WINWORD.exe;EXCEL.EXE
VBEUI.DLL;VBE6.DLL;VBE6INTL.DLL;wshom.ocx
wbemdisp.dll;wbemcomn.dll;wbemprox.dll;wmiutils.dll;wbemsvc.dll;fastprox.dll
WINWORD.exe;EXCEL.EXE
VBE7.DLL;VBE7INTL.DLL;VBEUI.DLL;wbemdisp.dll;wbemcomn.dll;wbemprox.dll;wmiutils.dll;wbemsvc.dll
WINWORD.exe;EXCEL.EXE
VBEUI.DLL;VBE6.DLL;VBE6INTL.DLL;wbemdisp.dll;wbemcomn.dll;wbemprox.dll;wmiutils.dll;wbemsvc.dll
WINWORD.exe;EXCEL.EXE
taskschd.dll
wscript.exe;cscript.exe
taskschd.dll
wmiprvse.exe
taskschd.dll
powershell.exe
msi.dll
powershell
amsi.dll
powershell
amsi.dll
C:\Program Files (x86)\N-Able Technologies\AutomationManagerEngine\2.70.0.4\AutomationManager.ScriptRunner64.exe;C:\Program Files\Cavelo\Cavelo Agent\osqueryi.exe;C:\Program Files (x86)\Duo Device Health\Duo Device Health.exe
logoncli.dll
C:\Windows\System32\wbem\WmiPrvSE.exe
WINWORD.exe;EXCEL.EXE
clr.dll
clr.dll;System.Management.ni.dll;Microsoft.Build.Utilities
wscript.exe;cscript.exe
msxml;wshom.ocx
wscript.exe;cscript.exe
winhttp.dll;mswsock.dll;IPHLPAPI.DLL
installutil.exe
CustomMarshalers.dll;CustomMarshalers.ni.dll;System.Management.ni.dll;WMINet_Utils.dll;mswsock.dll
System.Management.Automation.ni.dll
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\
System.Management.Automation.dll
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\
Lenovo.Vantage.AddinHost;\Microsoft.Sara.exe;C:\Program Files\CONEXANT
C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe
C:\Windows\System32\vaultcli.dll
\svchost.exe;\GameBar.exe;C:\Program Files\WindowsApps;\Microsoft\Teams\current\Teams.exe
\\
\Microsoft\Word\Startup\
.wll
\Microsoft\Excel\Startup\
.xll
\Microsoft\Addins\
.xla
tor-lib.dll
C:\Windows\System32\WinSCard.dll;C:\Windows\System32\cryptdll.dll;C:\Windows\System32\hid.dll;C:\Windows\System32\samlib.dll;C:\Windows\System32\vaultcli.dll
C:\Program Files\Cavelo\Cavelo Agent\osqueryi.exe;C:\Program Files\Veeam\Backup and Replication\Console\veeam.backup.shell.exe
rundll32.exe
vaultcli.dll;wlanapi.dll
combase.dll
cryptdll.dll
imm32.dll
logoncli.dll
netapi32.dll
ntasn1.dll
ntdsapi.dll
samlib.dll
shcore.dll
srvcli.dll
odbc32.dll;winhttp.dll;netapi32.dll;SHLWAPI.dll
C:\Windows\Explorer.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\ProgramData\
C:\ProgramData\
.exe
Adobe
C:\ProgramData\Lenovo\;C:\ProgramData\Cavelo\jre\bin\java.exe
C:\ProgramData\Microsoft\Windows Defender\
C:\ProgramData\sysmon\sysmon64.exe
C:\ProgramData\sysmon\sysmon.exe
C:\Users\Default\;C:\Users\Public\
.exe
C:\Users\Default\;C:\Users\Public\
.dll
56ceb6d0011d87b6e4d7023d7ef85676;4f2eb62fa529c0283b28d05ddd311fae;b91ce2fa41029f6955bff20079468448;b91ce2fa41029f6955bff20079468448;846e27a652a5e1bfbd0ddd38a16dc865;2c4a910a1299cdae2a4e55988a2f102e
SHA256=074eb0e75bb2d8f59f1fd571a8c5b76f9c899834893da6f7591b68531f2b5d82
SHA256=45c8233236a69a081ee390d4faa253177180b2bd45d8ed08369e07429ffbe0a9
SHA256=9ceca98c2b24ee30d64184d9d2470f6f2509ed914dafb87604123057a14c57c0
SHA256=29b75f0db3006440651c6342dc3c0672210cfb339141c75e12f6c84d990931c3
SHA256=c8c907a67955bcdf07dd11d35f2a23498fb5ffe5c6b5d7f36870cf07da47bff2
SHA256=76a2f2644cb372f540e179ca2baa110b71de3370bb560aca65dcddbd7da3701e
C:\Windows\System32\svchost.exe
false
Revoked
Expired
jscript9.dll
mshta.exe
scrobj.dll
crypt0.dll
C:\Windows\System32\wlanapi.dll
C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\System32\AppHostRegistrationVerifier.exe
C:\Windows\System32\CompatTelRunner.exe
C:\Windows\System32\DeviceCensus.exe
C:\Windows\System32\DriverStore\FileRepository\
C:\Windows\System32\LogonUI.exe
C:\Windows\System32\MoNotificationUx.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\dxgiadaptercache.exe
C:\Windows\System32\netsh.exe
C:\Windows\System32\wlanext.exe
C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_
C:\Windows\explorer.exe
python
C:\Windows\Microsoft.NET\assembly\GAC_MSIL
false
C:\Windows\Microsoft.NET\assembly\GAC_MSIL
true
C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe;C:\Program Files (x86)\Duo Device Health\Duo Device Health.exe
\Microsoft Office\
\mscorlib.ni.dll
\Microsoft Office\
\sppc.dll
C:\Windows\System32\svchost.exe
true
C:\Program Files (x86)\Kaspersky Lab
C:\Program Files\Kaspersky Lab
C:\Program Files (x86)\ESET
C:\Program Files\ESET
C:\ProgramData\Microsoft\Windows Defender\
Fortinet
Lenovo
Sophos
mscorsvw.exe
C:\Program Files (x86)\Microsoft Office\root\Office15\officebackgroundtaskhandler.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
C:\Program Files\Microsoft Office\root\Office15\officebackgroundtaskhandler.exe
C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
C:\Windows\SysWOW64\SearchProtocolHost.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\SearchIndexer.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Windows\System32\backgroundTaskHost.exe
C:\Windows\System32\sppsvc.exe
C:\Windows\System32\taskhost.exe
C:\Windows\System32\taskhostw.exe
C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
HxTsr.exe
SearchUI.exe
C:\Program Files (x86)\Common Files\BIExcelFunctions1.1\32bit\Sage.
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Pfx.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Adist64.dll
C:\Program Files (x86)\Microsoft Office\Office15\Library\Analysis\ANALYS32.XLL
C:\Program Files (x86)\Microsoft Office\Office16\Library\Analysis\ANALYS32.XLL
C:\Program Files\Microsoft Office\Office15\Library\Analysis\ANALYS32.XLL
C:\Program Files\Microsoft Office\Office16\Library\Analysis\ANALYS32.XLL
C:\Windows\SysWOW64\sppc.dll
Microsoft.Office.Interop.VisOcx.dll
Microsoft.Office.Interop.Word.dll
Microsoft.Vbe.Interop.dll
OFFICE.DLL
0x001A0000
c:\windows\system32\lsass.exe
msiexec.exe
chrome.exe;firefox.exe;edge.exe;browser_broker.exe;iexplore.exe;opera.exe
0x001A0000
c:\windows\system32\lsass.exe
c:\windows\system32\lsass.exe
c:\windows\system32\rundll32.exe
DbgUiRemoteBreakin
nacl64.exe
QueryProcessDebugInformationRemote
nacl64.exe
isdebuggerpresent
nacl64.exe
DebugActiveProcess
nacl64.exe
LoadLibrary
C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\System32\DriverStore\FileRepository\
C:\Windows\System32\igfxEM.exe
C:\Windows\System32\igfxHK.exe
Enterprise\Common7\IDE\devenv.exe
C:\Program Files (x86)\ASUS\ROG Live Service\FileOperator.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\;\MsMpEng.exe
CreateFileMapping;MapViewOfFile
LdrLoadDll
CryptAcquireContextA;CryptDecodeObjectEx;CryptImportPublicKeyInfo;CryptEncrypt;CryptGenKey;CryptDecrypt;CryptStringToBinary;CryptBinaryToString;CryptImportKey
c:\windows\system32\csrss.exe
CrtlRoutine
0B80
0C7C
0C88
c:\windows\system32\mstsc.exe
C:\WINDOWS\SYSTEM32\ntdll.dll
EtwEventWrite
C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
C:\Windows\system32\audiodg.exe
C:\Windows\system32\services.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\SHELL32.dll+9b5bd
\LocalBridge.exe
C:\Windows\System32\wshom.ocx+c8a0;C:\Windows\System32\wshom.ocx+c39d
C:\Windows\SYSTEM32\framedynos.dll+2cb3e
C:\Windows\system32\SgrmBroker.exe;C:\Windows\system32\SecurityHealthService.exe;C:\ProgramData\Microsoft\Windows Defender\platform\;C:\Windows\system32\services.exe;C:\Windows\system32\wininit.exe;C:\Windows\system32\sppsvc.exe;C:\Windows\System32\smss.exe;C:\Windows\system32\csrss.exe;C:\Windows\System32\svchost.exe
C:\Windows\SYSTEM32\framedynos.dll+2b496
C:\Windows\SYSTEM32\dbgcore.DLL+6cfb
C:\Windows\System32\KernelBase.dll+de67e
ntdll.dll+a0044
clr.dll+6c23;clr.dll+6b38
C:\Windows\\SYSTEM32\ntdll.dll+;|C:\Windows\System32\KERNELBASE.dll+;|UNKNOWN(
)
"UNKNOWN(;)|UNKNOWN(
)
"UNKNOWN
0x1F0FFF;0x1F1FFF;0x143A;0x1410;0x1010;0x1F2FFF;0x1F3FFF;0x1FFFFF
C:\Program Files;\Microsoft Office\Root\Office
\Microsoft Shared\VBA
C:\Program Files (x86)\Intuit\
C:\Windows\system32\lsass.exe
0x1FFFFF
UNKNOWN
WmiPerfClass.dll
C:\Windows\sysWOW64\wbem\wmiprvse.exe;C:\Windows\system32\wbem\wmiprvse.exe;C:\Program Files\VMware\VMware Tools\vmtoolsd.exe;C:\Program Files (x86)\VMware\VMware Tools\vmtoolsd.exe;WmiPerfClass.dll;C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\customhook\CoreSyncCustomHook.exe;C:\Program Files\Adobe\Adobe Sync\CoreSync\customhook\CoreSyncCustomHook.exe;C:\Program Files (x86)\Common Files\Adobe
C:\Windows\system32\lsass.exe
C:\Windows\system32\wsmprovhost.exe
C:\Windows\system32\lsass.exe
0x1FFFFF
python27.dll;_ctypes.pyd;KERNELBASE.dll;ntdll.dll
C:\Windows\system32\lsass.exe
C:\Windows\SYSTEM32\ntdll.dll+4595c|C:\Windows\system32\KERNELBASE.dll+8185
C:\Windows\system32\lsass.exe
C:\WINDOWS\SYSTEM32\ntdll.dll+
)
|C:\WINDOWS\System32\KERNELBASE.dll+;|UNKNOWN(
wow64.dll;)|C;Exchange.Diagnostics;Microsoft.Exchange
C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe;c:\windows\system32\inetsrv\w3wp.exe;MSExchangeHMHost.exe;C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\winlogon.exe
0x1F3FFF
C:\Windows\Microsoft.NET;UNKNOWN
C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe
.exe
C:\Windows\sysmon64.exe;C:\Windows\sysmon64.exe
0x1C00
C:\Windows\system32\lsass.exe
0x1F1FFF
UNKNOWN
C:\Windows\system32\lsass.exe
0x1010
UNKNOWN
C:\Windows\system32\lsass.exe
0x143A
UNKNOWN
C:\Windows\system32\lsass.exe
0x1fffff
dbghelp.dll;dbgcore.dll
dbghelp.dll;dbgcore.dll
C:\Windows\system32\lsass.exe
C:\wfx32\
powershell.exe
C:\Programdata\sysmon\sysmon64.exe;C:\Programdata\sysmon\sysmon.exe;C:\Windows\sysmon.exe;C:\Windows\sysmon64.exe;\dismhost.exe
C:\WINDOWS\SYSTEM32\ntdll.dll+;|C:\WINDOWS\System32\KERNELBASE.dll+;|C:\ProgramData\Microsoft\Windows Defender\Platform\;\MPCLIENT.DLL;\MpOav.dll+;|C:\WINDOWS\SYSTEM32\amsi.dll
getasynckeystate
cmlua.dll
System.Management.Automation
C:\ProgramData\Microsoft\Windows Defender\platform\
ctiuser.dll
AutomationManager.ScriptRunner64.exe
C:\Program Files\Citrix\ConfigSync\ConfigSyncRun.exe
C:\Program Files\Microsoft\Exchange Server\V14\bin\ExSetupUI.exe
C:\Program Files\Microsoft\Exchange Server\V15\bin\ExSetupUI.exe
C:\Program Files\Microsoft\Exchange Server\V16\bin\ExSetupUI.exe
C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\Temp\ExchangeSetup\ExSetupUI.exe
C:\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe
C:\Program Files\Microsoft Azure Active Directory Connect\AzureADConnect.exe
C:\Windows\system32\HOSTNAME.EXE
C:\Windows\system32\ROUTE.exe
C:\Windows\system32\query.exe
MsMpEng.exe
C:\Windows\system32\lsass.exe
comsvcs.dll
VBE7.dll;VBEUI.DLL;VBE7INTL.DLL
VBE6.dll;VBEUI.DLL;VBE6INTL.DLL
Office
verclsid.exe
VBE7.dll;VBEUI.DLL;VBE7INTL.DLL
|UNKNOWN(
0x1FFFFF
C:\Program Files\Microsoft Office\Root\Office
C:\Windows\System32\KERNELBASE.dll+76516
C:\Windows\System32\SHELL32.dll+ae3b9
C:\WINDOWS\system32\sihost.exe
C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub
UNKNOWN
|UNKNOWN(
C:\WINDOWS\SYSTEM32\ntdll.dll+
|C:\WINDOWS\System32\KERNELBASE.dll+
)
C:\Program Files\SentinelOne\
0x1028;0x1fffff
C:\Program Files\SmartGit\bin\;C:\Program Files (x86)\ASUS\Update\;C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe;C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe;C:\WINDOWS\SysWOW64\config\systemprofile\Citrix\UpdaterBinaries\;C:\Program Files\Mozilla Firefox\firefox.exe;C:\Program Files\SmartGit\git;\Intel\Driver and Support Assistant\DSAService.exe;C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\;C:\Program Files (x86)\MspPlatform\RequestHandlerAgent\RequestHandlerAgent.exe;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\ProgramData\Cavelo\jre\bin\java.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe;C:\Program Files\Cavelo\Cavelo Agent\parser.exe
C:\Windows\Microsoft.NET\Framework\;\NGenTask.exe
C:\Program Files (x86)\Duo Device Health\Duo Device Health.exe
\Intel\Driver and Support Assistant\
C:\Program Files\AMD\CNext\CNext\Radeonsoftware.exe;C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.UserSessionHelper.exe
C:\Windows\Microsoft.NET\Framework\;\ngen.exe
winword.exe;excel.exe;powerpnt.exe
:\Windows\Microsoft.NET\Framework64\v2.;UNKNOWN
UNKNOWN
0x147a
C:\Windows\Sysmon64.exe;C:\Windows\Sysmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe
C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\;\MsMpEng.exe;C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe;C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
0x1400
C:\Program Files\SentinelOne\
0x0800
0x0810
0x0820
0x810
0x820
cscript.exe
wscript.exe
jjs.exe
dump
mimikatz
CorperfmontExt.dll
wmiprvse.exe
lsass.exe
lsass.exe
winlogon.exe
lsass.exe
C:\Windows\system32\w32tm.exe;C:\Windows\System32\ping.exe;C:\Windows\System32\net.exe;C:\Windows\System32\net1.exe;C:\Windows\SYSTEM32\HOSTNAME.EXE;C:\Programdata\sysmon\sysmon.exe;C:\Programdata\sysmon\sysmon64.exe;C:\Program Files\Windows Defender\MsMpEng.exe;C:\Program Files (x86)\BeAnywhere Support Express\;C:\Program Files (x86)\CheckPoint\;C:\Program Files (x86)\Common Files\Intuit\QuickBooks\;C:\Program Files (x86)\Fortinet\;C:\Program Files (x86)\Trend Micro\;C:\Program Files\Adobe\Adobe Creative Cloud Experience\;C:\Program Files\CheckPoint\;C:\Program Files\Fortinet\;C:\Program Files\Realtek;C:\Program Files\Trend Micro\;C:\ProgramData\Microsoft\Windows Defender\platform\;C:\Program Files (x86)\Lenovo\;snmpd.exe;taskmgr;:\Windows\System32\smss.exe;:\Windows\system32\wininit.exe;\Bin\FMS.exe; \EMET_GUI.exe;\EMET_Service.exe;\Google\Update\GoogleUpdate.exe;\RAAGTAPP.EXE;\controls\cef\ConnectWise.exe;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;C:\Program Files\Hewlett-Packard\AMS\service\hpqams.exe;C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe;C:\Program Files\VMware\VMware Tools\vmtoolsd.exe;C:\Program Files\Windows Defender\MsMpEng.exe;C:\WINDOWS\system32\WerFault.exe;C:\WINDOWS\system32\taskkill.exe;C:\Windows\SysWOW64\WerFault.exe;C:\Windows\System32\snmp.exe;C:\Windows\system32\msiexec.exe;C:\Windows\system32\spoolsv.exe;C:\Windows\system32\svchost.exe
:\Windows\system32\sppsvc.exe
:\Windows\system32\sdiagnhost.exe
UNKNOWN(00007F
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\SYSTEM32\win32u.dll
C:\Windows\SYSTEM32\wow64win.dll
C:\Program Files (x86)\Kaspersky Lab
C:\Program Files\Kaspersky Lab
C:\Program Files (x86)\ESET
C:\Program Files\ESET
C:\ProgramData\Microsoft\Windows Defender\
\TEMP\nessus_
solarwinds.businesslayerhost
.exe;.dll;.ps1;.mz;.jpg;.png
C:\WINDOWS\SysWOW64\netsetupsvc.dll
C:\Windows\SoftwareDistribution
C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch
.exe
C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
proj
.targets
.build
.props
.tasks
.sln
.cs
.bat
.btm
.cmd
.com
.cmdline
.bas
.bin
C:\Windows\System32\WUDFHost.exe
C:\Windows\SysWOW64\Wbem
C:\Windows\System32\Wbem
.ws
.wsc
.wsf
.wsh
.pif
.hta
IronPython
.py
.pyc
.pyd
.cdxml
.ps1
C:\Program Files (x86)\N-Able Technologies\AutomationManagerEngine\2.70.0.4\AutomationManager.ScriptRunner64.exe
.ps1xml
.psc1
.psd1
.psm1
AutomationManager.ScriptRunner64.exe
.pssc
powershell.exe;powershell_ise.exe
\Recent\CustomDestinations\
C:\Windows\SysWOW64\WindowsPowerShell
C:\Windows\System32\WindowsPowerShell
c:\Windows\System32\WindowsPowerShell\v1.0\profile
c:\Windows\Syswow64\WindowsPowerShell\v1.0\profile
\UsageLogs\powershell.exe.log
PSReadLine\ConsoleHost_history.txt
.vbs
.oracle_jre_usage\
.js
.jse
.vb
.vbe
.vbsript
Report.wer.tmp
\WER\
C:\Windows\system32\wermgr.exe
winword.exe;excel.exe;powerpnt.exe;outlook.exe;msaccess.exe;mspub.exe;visio.exe;notepad.exe;wordpad.exe;eqnedt32.exe;wordview.exe
.exe
C:\Users
winword.exe;excel.exe;powerpnt.exe;outlook.exe;msaccess.exe;mspub.exe;visio.exe;notepad.exe;wordpad.exe;eqnedt32.exe;wordview.exe
.dll
C:\Users
!!!-WARNING-!!!.html;!!!-WARNING-!!!.txt;!!! HOW TO DECRYPT FILES !!!;!!!README!!!;!!!READ_TO_UNLOCK!!!.TXT;!!!_READ_ME_;!Recovery_;!Where_are_my_files!.html;!_HOW_TO_RESTORE_;!_RECOVERY_HELP_!.txt;!recover!;# DECRYPT MY FILES #.html;# DECRYPT MY FILES #.txt;# DECRYPT MY FILES #.vbs;# SATAN CRYPTOR #;+recover+;.8lock8;.31392E30362E32303136_;.ABCDEF;.CIop;.CR1;.CRAB;.CRYPTOSHIELD;.Cl0p;.Contact_Here_To_Recover_Your_Files.txt;.CryptoTorLocker2015!;.HERMES;.HakunaMatata;.How_To_Decrypt.txt;.How_To_Get_Back.txt;.KEYZ.KEYH0LES;.L0CKED;.LOL!;.MATRIX;.OMG!;.R.i.P;.RMCM1;.RSplited;.SUPERCRYPT;.SecureCrypted;.TheTrumpLocker;.VBRANSOM;.VforVendetta;.Where_my_files.txt;.XBTL;._AiraCropEncrypted!;.airacropencrypted!;.areyoulovemyrans;.berkshire;.bitpy;.bitx;.blocatto;.bomber;.braincrypt;.breakingbad;.breeding123;.cerber;.cifgksaffsfyghd;.country82000;.crypt;.crypted;.crypton;.cryptotorlocker;.decrypt2017;.deria;.dglnl;.disposed2017;.doomed;.encrypted.locked;.encrypted;.encryptedyourfiles;.enjey;.evillock;.filegofprencrp;.fileiscryptedhard;.firecrypt;.fuckyourdata;.gangbang;.gefickt;.googl;.happydayzz;.hceem;.helpdecrypt;.helpmeencedfiles;.hnumkhotep;.hydracrypt_ID;.iaufkakfhsaraf;.info.txt;.jimm;.kharma;.killedXXX;.lambda_l0cked;.letmetrydecfiles;.locked;.locker16;.loveransisgood;.lovewindows;.magic_software_syndicate;.mention9823;.moments2900;.myrandsext2017;.newlock;.no_more_ransom;.nochance;.noproblemwedecfiles;.notfoundrans;.ohwqg;.one-we_can-help_you;.oops;.osiris;.otherinformation;.paytounlock;.powerfulldecrypt;.powned;.pr0lock;.prolock;.prosperous666;.pwnd;.ransom;.readme2unlock;.righ;.roger;.ryk;.satan;.savethequeen;.sigaint.org;.skjdthghh;.skynet;.snatch;.stubbin;.supported2017;.suppose666;.theworldisyours;.txd0t;.warn_wallet;.weapologize;.weareyourfriends;.weencedufiles;.wowreadfordecryp;.wowwhereismyfiles;.wvtr0;.yourransom;.zzzzz 
;.{CRYPTENDBLACKDC};-DECRYPT.txt;000-IF-YOU-WANT-DEC-FILES;000-No-PROBLEM-WE-DEC-FILES;000-PLEASE-READ-WE-HELP;001-READ-FOR-DECRYPT-FILES;1025-7152.exe;:\windows\update_collector.exe;=READ=THIS=PLEASE=;@cock.li;@countermail.com;@firemail.cc;@india.com;@mail.ru;@ukr.net;ASSISTANCE_IN_RECOVERY;ATTENTION!!!.txt;ATTENTION.url;Aescrypt.exe;AllFilesAreLocked;BTC_DECRYPT_FILES;BUYUNLOCKCODE.txt;BUYUNLOCKCODE;BitCryptorFileList.txt;C:\ProgramData\dtb.dat;C:\Programdata\WinMgr;C:\Programdata\clean.bat;C:\Programdata\run.bat;C:\Windows\svchost.exe;CEBER3;CHECK-IT-HELP-FILES;COME_RIPRISTINARE_I_FILE.;COMO_ABRIR_ARQUIVOS.txt;COMO_RESTAURAR_ARCHIVOS;Coin.Locker.txt;Comment débloquer mes fichiers.txt;Como descriptografar seus arquivos.txt;Corona-virus-Map;Corona.bat;Corona.sfx;CryptoRansomware;Crytp0l0cker;Cyber SpLiTTer Vbs.exe;Cyborg_DECRYPT;DALE_FILES.TXT;DECRYPT-FILES;DECRYPTION INSTRUCTIONS.;DECRYPTION_HOWTO.Notepad;DECRYPT_INFORMATION;DECRYPT_INSTRUCTION.HTML;DECRYPT_INSTRUCTION.URL;DECRYPT_INSTRUCTIONS.html;DECRYPT_INSTRUCTIONS;DECRYPT_ReadMe1.TXT;DECRYPT_Readme.TXT.ReadMe;DECRYPT_YOUR_FILES;DESIFROVANI_POKYNY.html;Decrypt All Files;DecryptAllFiles;DecryptFile;Decrypt_readme.txt;DesktopOsiris;ENTSCHLUSSELN_HINWEISE.html;EdgeLocker;FILESAREGONE.txt;FILES_BACK.txt;File Decrypt Help.html;GJENOPPRETTING_AV_FILER;GetYouFiles.txt;HAPPEN-ENCED-FILES;HELLOTHERE.TXT;HELP-ME-ENCED-FILES;HELPDECRYPT_YOUR_FILES.HTML;HELP_DECRYPT.HTML;HELP_DECRYPT.PNG;HELP_DECRYPT.URL;HELP_DECRYPT.lnk;HELP_ME_PLEASE.txt;HELP_RESTORE_FILES_;HELP_TO_SAVE_FILES.bmp;HELP_TO_SAVE_FILES;HELP_YOURFILES.HTML;HELP_YOUR_FILES.PNG;HELP_YOUR_FILES.html;HELP_YOUR_FILES;HOW-TO-DECRYPT-FILES.HTML;HOW-TO-RESTORE-FILES;HOW TO BACK YOUR FILES;HOW TO DECRYPT FILES.HTML;HOW TO DECRYPT FILES.txt;HOW TO 
RECOVER;HOWTO_RECOVER_FILES_;HOWTO_RESTORE_FILES;HOWTO_RESTORE_FILES_;HOW_DECRYPT.HTML;HOW_DECRYPT.TXT;HOW_DECRYPT.URL;HOW_OPEN_FILES;HOW_TO_DECRYPT.HTML;HOW_TO_DECRYPT_;HOW_TO_PAY_THE_RANSOM;HOW_TO_RESTORE_FILES.html;HOW_TO_RESTORE_FILES;HOW_TO_RESTORE_YOUR_DATA;HOW_TO_UNLOCK_FILES_README_;HWID Lock.exe;Hacked_Read_me_to_decrypt_files.html;Help Decrypt.html;How decrypt files.hta;How to decrypt LeChiffre files.html;How to decrypt your data.txt;HowDecrypt.gif;HowDecrypt.txt;How_to_decrypt_your_files.jpg;How_to_restore_files.hta;HowtoRestore_File;HowtoRestore_Files;Howto_RESTORE_FILES.html;Howto_Restore_FILES.TXT;IAMREADYTOPAY.TXT;IF-YOU-WANT-DEC-FILES;IF_WANT_FILES_BACK_PLS_READ.html;IHAVEYOURSECRET.KEY;IMPORTANT READ ME.txt;IMPORTANT.README;INSTALL_TOR.URL;INSTRUCCIONES;INSTRUCCIONES_DESCIFRADO.html;INSTRUCTION RESTORE FILE;INSTRUCTIONS_DE_DECRYPTAGE.html;INSTUCCIONES_DESCRIFRADO;ISTRUZIONI_DECRITTAZIONE.html;Important!.txt;Instructionaga.txt;KryptoLocker_README.txt;LEER_INMEDIATAMENTE;LET-ME-TRY-DEC-FILES;Locked-by-Mafia;MENSAGEM.txt;MERRY_I_LOVE_YOU_BRUCE.hta;No-PROBLEM-WE-DEC-FILES;OKSOWATHAPPENDTOYOURFILES.TXT;ONTSLEUTELINGS_INSTRUCTIES.html;OSIRIS-;PAYLOADBIN;PINGY@INDIA.COM;PLEASE-READ-WE-HELP.;PLEASE-READIT-IF_YOU-WANT.html;PLEASE-READIT-IF_YOU-WANT;PLEASE-README-AFFECTED-FILES;PLS-DEC-MY-FILES;PURELOCKER;Payment_Instructions.jpg;Please Read Me!!!;READ-FOR-DECCCC-FILESSS;READ-FOR-DECRYPT-FILES;READ-READ-READ;READ IF YOU WANT YOUR FILES BACK.html;READ ME FOR DECRYPT.txt;README HOW TO DECRYPT YOUR FILES.HTML;README!!!;README_DECRYPT_HYDRA_ID_;README_DECRYPT_HYRDA_ID_;README_DECRYPT_UMBRE_ID_;README_DONT_DELETE;README_HOW_TO_UNLOCK.HTML;README_HOW_TO_UNLOCK.TXT;README_RECOVER_FILES_;README_TO_RECURE_YOUR_FILES;READTHISNOW!!!.txt;READ_IT.txt;READ_ME_!.txt;READ_ME_TO_DECRYPT_YOU_INFORMA;READ_THIS_TO_DECRYPT.html;RECOVER-FILES;RECOVERY_FILE.;RECOVERY_FILES.TXT;RECOVER_MY_FILE;RESTORE_CORUPTED_FILES;RESTORE_FILES_;RETURN FILES.txt;RETURN YOUR 
FILES;RETURNFILES_.txt;RETURN_FILES.txt;RETURN_FILES_.txt;Rans0m_N0te_Read_ME;Read Me (How Decrypt) !!!!.txt;ReadDecryptFilesHere;Read_this_file.txt;Receipt.exe;RecoveryManual.html;Recovery_File_;Recovery_file_;Rooster865qq;SECRET.KEY;SECRETIDHERE.KEY;SHTODELATVAM.txt;SIFRE_COZME_TALIMATI.html;SORRY-FOR-FILES;Survey Locker.exe;TRY-READ-ME-TO-DEC;Temp\satan\satan;ThxForYurTyme;UNLOCK_FILES_INSTRUCTIONS.html;UNLOCK_FILES_INSTRUCTIONS.txt;UnblockFiles.vbs;VIP72.exe;Vape Launcher.exe;WANT_FILES_BACK;WE-MUST-DEC-FILES;WHERE-YOUR-FILES;WORMKILLER@INDIA.COM.XTBL;What happen to my files.txt;Whereisyourfiles;WindowsApplication1.exe;YOUGOTHACKED.TXT;YOUR_FILES.txt;YOUR_FILES.url;YOUR_FILES_ARE_DEAD;YOUR_FILES_ARE_ENCRYPTED.HTML;YOUR_FILES_ARE_ENCRYPTED.TXT;YOUR_FILES_ARE_LOCKED.txt;Your files are locked !!!!.txt;Your files are locked !!!.txt;Your files are locked !!.txt;Your files are locked !.txt;Your files encrypted by our friends !!! txt;Your files encrypted by our friends !!!.txt;[KASISKI];_Adatok_visszaallitasahoz_utasitasok;_DECRYPT_ASSISTANCE_;_DECRYPT_INFO_;_DECRYPT_INFO_szesnl;_DEC_FILES.;_FILES_WERE_ENCRYPTED_@.TXT;_HELP_HELP_HELP_;_HELP_Recover_Files_;_HELP_instructions.bmp;_HELP_instructions.txt;_HOWDO_text.bmp;_HOWDO_text.html;_HOW_TO_Decrypt;_H_e_l_p_RECOVER_INSTRUCTIONS+;_H_e_l_p_RECOVER_INSTRUCTIONS;_Locky_recover;_Locky_recover_instructions.bmp;_Locky_recover_instructions.txt;_README.hta;_README.jpg;_READ_ME!;_RECOVER_INSTRUCTIONS;_ReCoVeRy_+;_USE_TO_FIX_;_WHAT_is.html;_help_instruct;_how_recover.txt;_how_recover;_how_recover_;_recover_;_secret_code.txt;_steaveiwalker@india.com_;aeroware;confirmation.key;contains(to_string($message.file_created), "howrecover+;crjoker.html;cryptinfo.txt;cryptolocker.;cryptopp;de_crypt_readme.;de_crypt_readme.bmp;de_crypt_readme.html;de_crypt_readme.txt;decipher_ne;decrypt-instruct;decrypt explanations.;decrypt my file;decrypt your 
file;decrypt_Globe;decrypt_instruct;decrypted_files.dat;decryptional;decryptmyfiles;decypt_your_files.html;default32643264.bmp;default432643264.jpg;email-salazar_slytherin10;enc_files.txt;encryptor_raas_readme_liesmich;enigma.hta;enigma_encr.txt;exit.hhr.obleep;fattura_;file0locked;files_are_encrypted.;-filesencrypted;firemail.cc;firstransomware.exe;gmx.de;hacks.at.sigaint.org;help-file-decrypt.enc;help_decrypt;help_file_;help_instructions.;help_my_files;help_recover;help_recover_instructions;help_restore;help_restore_files;help_your_file;helpmeencedfiles;how to decrypt aes files.lnk;how to decrypt;how to get data.txt;how_decrypt.gif;how_recover;how_to_decrypt;how_to_recover;howrecover+ recoveryfile_;howrecover+;howto_recover_file;howto_restore;howtodecrypt;howtodecryptaesfiles.txt;inbox.ru;info@kraken.cc_worldcza@email.cz;install_tor;iran.ir;last_chance.txt;maestro@pizzacrypts.info;maxcrypt.bmp;only-we_can-help_you;openforyou@india.com;opensourcemail.org;padcrypt;paycrypt.bmp;popcorn_time.exe;powerfulldecrypt;protonmail.ch;qbmail.biz;randomname;readme_decrypt;readme_for_decrypt;readme_liesmich_encryptor_raas;recover_file;recover_file_;recover_instruction;recoverfile;recoverfile_;recovery+;recovery_file.txt;recovery_key.txt;recoveryfile;recover}-;restore_files.txt;restorefiles;restorefiles_;ryukreadme.html;tuta.io;tutanota.com;tutanota.de;unCrypte;vault.hta;vault.key;vault.txt;want your files back.;warning-!!;wie_zum_Wiederherstellen_von_Dateien.txt;wowreadfordecryp;wowwhereismyfiles;zXz.html;zycrypt.;zzzzzzzzzzzzzzzzzyyy
C:\Users\;\Google\Chrome Beta\User Data\;\IndexedDB\
C:\Program Files\WindowsApps\Microsoft.YourPhone_;C:\Program Files\dotnet\shared\Microsoft.NETCore.App\;\Microsoft.NET\assembly\GAC_MSIL
\System.Security.Cryptography
Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe
crackmapexec
\Crypto.Cipher._AES.pyd
\Crypto.Cipher._DES.pyd
\Crypto.Hash._SHA256.pyd
\Crypto.Random.OSRNG.winrandom.pyd
\Crypto.Util.strxor.pyd
\crackmapexec.exe.manifest
\greenlet.pyd
BootStrapDLL.dll
C:\windows\temp\wininit.exe
lazycat;powerkatz;mimikatz;mimidrv;mimilove;mimilib;mimikittenz;mimiauth;invoke-mimi
rdpwrap.dll
winspool.drv
C:\Windows\System32\Wbem
C:\Windows\SysWOW64\Wbem
C:\WINDOWS\system32\wbem\scrcons.exe
\Programs\Startup\
\Startup\
\Word\STARTUP\
\Microsoft\Templates\
\Excel\XLSTART\
.dotm
.XLSB
C:\Windows\Tasks\
RedirSuiteServiceProxy.aspx
w3wp.exe
.aspx
w3wp.exe
.asp
w3wp.exe
.ashx
w3wp.exe
.php
w3wp.exe
.aaa
\wwwroot\aspnet_client\;\FrontEnd\HttpProxy\owa\auth
.aspx;.php;.ashx
w3wp.exe
.ps1
w3wp.exe
.bat
w3wp.exe
.dll
w3wp.exe
.vbs
w3wp.exe
.hta
\wwwroot\
\wwwroot\aspnet_client\;jpg
.asp
\wwwroot\
.aspx
\wwwroot\
\ecp\auth\
\oab\auth\
ClientAccess\Owa\
\owa\auth\
httpproxy\rpc\
ClientAccess\ecp\
\htdocs\
.SPL
spoolsv.exe;printfilterpipelinesvc.exe;printisolationhost.exe;splwow64.exe;msiexec.exe;poqexec.exe
spoolsv.exe
.exe
C\:\Windows\System32\spool\;C\:\Windows\Temp\;C\:\Users\
msiexec.exe
\Microsoft\Edge\Application
elevation_service.exe
\LocalState\rootfs\
C:\PerfLogs\
C:\Temp\
C:\Users\Default\
C:\Users\Public\
C:\Windows\System32\WUDFHost.exe
C:\Windows\Temp\
C:\Program Files\SentinelOne\
C:\Program Files\Cavelo\Cavelo Agent\osqueryi.exe;C:\Program Files\Cavelo\Cavelo Agent\parser.exe;C:\Program Files\Cavelo\Cavelo Agent\tesseract\tesseract.exe;AutomationManager.ScriptRunner64.exe
\AppData\Temp\
$Recycle.Bin
$Recycle.Bin
C:\Windows\
\config\systemprofile\
C:\Windows\
\config\systemprofile\
.exe
.7z.exe
.doc.exe
.doc.exe
.docx.exe
.ico.exe
.iso.exe
.lnk.exe
.pdf.exe
.ppt.exe
.pptx.exe
.rar.exe
.rtf.exe
.txt.exe
.xls.exe
.xlsx.exe
.zip.exe
______.exe
.chm
proj
.sln
UMWorkerProcess.exe;UMService.exe
.
.log;.cfg;.txt;cleanup;.HealthCheck;\wp.active;.db
.7z
.7zip
.arj
.s7z
.a
.ace
.ar
.arc
.bin
C:\Windows\System32\WUDFHost.exe
.cab
.pak
.gz
.img
.iso
.lzm
.lzma
Temp\Rar$
.rar
RarSFX
.sfx
.sz
.tar
.tar.gz
.tgz
.xz
.zip
.ost
.eml
.msg
.pst
Г;И;К;П;д;и;к;л;л;н;н;о;ф;ե;թ;յ;ն;ն;ն;ն;տ;ւ;ք
Teamviewer.exe
rundll32.exe
mstsc.exe
cmd.exe
ipy.exe
WScript.exe
cscript.exe
mshta.exe
python.exe
wmic.exe
C:\Users\Default\;C:\Users\Public\
.dll
C:\Users\Default\;C:\Users\Public\
.exe
HiddenService
torrc
\tor.exe
tor-gencert
rclone
s3browser
grabff.exe
grabff.exe
RESTORE_;_FILES.txt
DECRYPT_;_FILES.txt
\run.dat;\task.dat;\storage.dat
AppData
Symantec
BlueJeans
VBoxRT.dll;VboxC.dll
Content.IE5;INetCache
.exe;.zip;.ps1;.bat;.rar;.dll
MSForms.exd
.exe
C:\windows\system32\
.exe
C:\windows\
\system32\
.dll;.exe
C:\windows\
C:\Users\
C:\Program Files\WindowsApps\
C:\Program Files (x86)\MspPlatform\FileCacheServiceAgent\FileCacheServiceAgent.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe
.dll;.exe
C:\Users\
C:\Users\*\AppData\Local\Microsoft\Teams\Update.exe
\Microsoft\Word\Startup\
.wll
C:\windows\system32\CodeIntegrity\
\Microsoft\Excel\Startup\
.xll
\Microsoft\Outlook\VbaProject.OTM
\Microsoft\Addins\
.xla
.vsto
.bat
C:\Windows\
C:\ProgramData\Lenovo\SystemUpdate\sessionSE\
.dll
C:\Windows\
.sys
C:\Windows\
.exe
C:\Windows\
C:\Windows\System32\;C:\windows\syswow64\
.exe
C:\Windows\System32\
.exe
C:\Windows\SysWow64\
.theme
\Packages\oice_
VirtualboxVM.exe
notepad++.exe
.lnk:Zone.Identifier
\UsageLogs\cscript.exe.log
\UsageLogs\mshta.exe.log
\UsageLogs\msiexec.exe.log
\UsageLogs\regsvr32.exe.log
\UsageLogs\rundll32.exe.log
\UsageLogs\svchost.exe.log
\UsageLogs\wmic.exe.log
\UsageLogs\wscript.exe.log
\regsvr32.exe.log
\UsageLogs\wsmprovhost.exe.log
.lnk
.url
.sys
.inf
C:\Windows\SysWOW64\Drivers
C:\Windows\System32\Drivers
\Drivers\
.drv
.xlam
.xlsm
.xla
.xll
.xls
.xlsb
.xlsx
.xlt
.xltm
.xlw
\Microsoft\Templates\
.eml
.msg
.potm
.pptm
.sldm
\Microsoft\Office\Recent
oleObject
\Recent\CustomDestinations\
\Downloads\
\Content.Outlook\
.docb
.wbk
.ped
.dot
.dotx
.doc
.docm
.docx
.accdb
.accde
.accdr
.accdt
.mdb
.mde
.msc
.mst
.potx
.ppam
.ppsm
.ppsx
.ppt
.pptm
.pptx
.pub
.sldm
.sldx
.xls
.xps
.pem
.crt
.ca-bundle
.cer
.csr
.der
.p7b
.p7r
.p7s
.pfx
.sto
.p12
.crl
.sst
SentinelAgent.exe
.key
.hlp
ACLUI.DLL.UI
ACLUI.DLL
AFLogVw.exe
AShld.exe
AShldRes.DLL.asr
AShldRes.DLL
AhnI2.dll
CamMute.exe
CommFunc.dll
CommFunc.jax
DESqmWrapper.dll
DESqmWrapper.wrapper
FSPMAPI.dll.fsp
FSPMAPI.dll
Gadget.exe
LoLTWLauncher.exe
Mc.exe
McUtil.dll.ping
McUtil.dll.url
McUtil.dll
MpSvc.dll
MsMpEng.exe
NtUserEx.dat
NtUserEx.dat
NtUserEx.dll
NtUserEx.dll
NvSmart.exe
NvSmartMax.dll
NvSmartMax.dll
NvSmartMaxapp.dll
OInfo11.ISO
OInfo11.ocx
OInfoP11.exe
OleView.exe
OleView.exe
POETWLauncher.exe
RasTls.dll.config
RasTls.dll.msc
RasTls.dll
RasTls.exe
RunHelp.exe
Sidebar.dll.doc
Sidebar.dll
Ushata.dll
Ushata.exe
Ushata.fox
VeetlePlayer.exe
boot.ldr
chrome_frame_helper.dll.rom
chrome_frame_helper.dll
chrome_frame_helper.exe
dvcemumanager.exe
fsguidll.exe
fslapi.dll.gui
fslapi.dll
fsstm.exe
hccutils.dll.res
hccutils.dll
hha.dll.bak
hha.dll
hhc.exe
hkcmd.exe
iviewers.dll
jli.dll
libvlc.dll
mPclient.dll
mcf.ep
mcf.exe
mcupdui.exe
mcut.exe
mcutil.dll.bbc
mcvsmap.exe
msi.dll.dat
msi.dll
msseces.asm
msseces.exe
mtcReport.ktc
rc.dll
rc.exe
rc.hlp
sep_NE.exe
sep_NE.slf
tplcdclr.exe
winmm.dll
wts.chm
credwiz.exe
ssMUIDLL.dll
aepic.dll
ftllib.dll
userenv.dll
\Terminal Server Client\Cache\
C:\Windows\Prefetch
\\tsclient
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\
\Temp\debug.bin
Temp\7z
C:\Windows\AppPatch\Custom
.chm
.cpl
.mht
\Chrome\User Data\Default\Extensions\
.crx
.appref-ms
.gadget
.JSE
.exe
.scf
Exchange Server\ClientAccess\Owa\
\Device\HarddiskVolumeShadowCopy
.zip\
.FON
.FOT
C:\Windows\System32\GroupPolicy\Machine\Scripts
C:\Windows\System32\GroupPolicy\User\Scripts
.iqy
.ico
.isp
.msc
.manifest
MEMORY.dmp
.msi
.cs
.customDestinations-ms
C:\Windows\Minidump
.PAF
.bmc
.rdp
.rtf
.reg
.SHS
.slk
.SCR
.set
.SettingContent-ms
.SHD
.SPL
.scr
HammerDrillStatus.dll
Microsoft\Windows\WER\
.ICL
.sdb
.SCT
.SHB
Temp\Temp1_
\Microsoft\;CLR_v;\UsageLogs\
.ade
.adp
.application
.appref-ms
.asc
.bmf
.cer
.dmp
.gpg
.htm
.html
.json
SentinelRanger.exe
.jsp
.key
.mof
.ocx
.p7b
.p12
.pem
.pfx
.pgp
.php
.ppk
.war
.xml
C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\NableUpdateService.exe;C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableReactiveManagement.exe;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\Program Files (x86)\MspPlatform\FileCacheServiceAgent\FileCacheServiceAgent.exe;AutomationManager.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe
Software\Famatech\advanced_ip_scanner\State
LastRangeUsed
SetValue
\Software\Microsoft\Terminal Server Client
DefaultPrinter
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}
SetValue
HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}
SetValue
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}
SetValue
HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}
SetValue
HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
SetValue
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}
SetValue
HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}
SetValue
HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}
SetValue
Root\InventoryDevicePnp;prod_virtual_dvd-rom
SetValue
MountedDevices
Mountpoints2
Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\
LoggedOnUser
LastLoggedOnUser
LastLoggedOnProvider
HKCR\ms-msdt\
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics\TurnOffCheck
DWORD (0x00000001)
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
\print\
\AzureAttestService\CoInitializeSecurityParam
C:\$WINDOWS.~BT\
\AccessVBOM
C:\Windows\system32\svchost.exe;C:\WINDOWS\system32\mmc.exe;C:\Windows\system32\userinit.exe
Security\VBAWarnings
C:\Windows\system32\svchost.exe;C:\WINDOWS\system32\mmc.exe;C:\Windows\system32\userinit.exe
Security\VBAWarnings
C:\Windows\system32\svchost.exe;C:\WINDOWS\system32\mmc.exe;C:\Windows\system32\userinit.exe
EXCEL.exe;WINWORD.exe
{8BD21D32-EC42-11CE-9E0D-00AA006002F3};{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
HKCU\di
HKCU\�
HKLM\SOFTWARE\Microsoft\AMSI\Providers\
hklm\software\microsoft\windows script\settings\amsienable
hkcu\software\microsoft\windows script\settings\amsienable
Google\Chrome\Extensions
update_url
SetValue
Google\Chrome
extensions.settings
SetValue
ForcePasswordReset
HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC\CurrVal
HKLM\SAM\SAM\DOMAINS\Account\Users\
Last Password Change
HKLM\SAM\SAM\DOMAINS\Account\Users\
Account Expiration
HKLM\SAM\SAM\DOMAINS\Account\Users\
Last Failed Logon
HKLM\SAM\SAM\Domains\Builtin\Aliases\00000220\
HKLM\SAM\SAM\Domains\Builtin\Aliases\0000022B\
SOFTWARE\Microsoft\Wow64\x86\
SetValue
\CurrentVersion\Run\
C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe;\AppData\Local\Microsoft\Teams\current\Teams.exe;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive File Stream;\GoogleDriveFS.exe;startup_mode
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;no-startup-window;win-session-start;prefetch
\Application\chrome.exe;no-startup-window;win-session-start;prefetch
\SentinelUI.exe" /minimized
C:\Program Files (x86)\Duo Device Health\Duo Device Health.exe
\Microsoft\System\Scripts
\Windows\System\Scripts
HKLM\SYSTEM\Setup\CmdLine
\Start
DWORD (0x00000000)
\Start
DWORD (0x00000001)
\Start
DWORD (0x00000002)
\Start
DWORD (0x00000003)
\Start
DWORD (0x00000004)
\ImagePath
\ServiceDll
\ServiceManifest
hkcu\software\microsoft\windows nt\currentversion\windows\run\
hkcu\software\microsoft\windows\currentversion\explorer\shell folders\common startup
hkcu\software\microsoft\windows\currentversion\explorer\shell folders\startup
hklm\software\microsoft\command processor\autorun
hkcu\software\microsoft\windows nt\currentversion\accessibility\ATs\\*(1)\StartExe
Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup
\Print\Monitors
HKLM\SAM\SAM\DOMAINS\Account\Users\Names\
$
CreateKey
HKLM\SAM\SAM\DOMAINS\Account\Users\Names\
$
CreateKey
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{5770385f-c22a-43e0-bf4c-06f5698ffbd9}
C:\WINDOWS\sysmon64.exe
C:\WINDOWS\sysmon.exe
C:\Programdata\sysmon\sysmon64.exe
HKCR\
(Default)
\shell\open\command\(Default)
URL:
HKCU\Software\Classes\
(Default)
\shell\open\command\(Default)
URL:
HKCR\
\shell\open\command\(Default)
%1
HKCU\Software\Classes\
\shell\open\command\(Default)
%1
\shell\open\command\DelegateExecute
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe
Session Manager\KnownDlls
Outlook\Addins
Word\Addins
Excel\Addins
Powerpoint\Addins
Software\Microsoft\VSTO\Security\Inclusion\
Software\Microsoft\VSTO\SolutionMetadata\
cmmgr32.exe
HKCU\Software\Microsoft\Command Processor\AutoRun
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute
HKLM\System\CurrentControlSet\Control\Session Manager\Execute
HKLM\Software\Wow6432Node\Microsoft\Command Processor\AutoRun
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
HKLM\Software\Microsoft\Command Processor\AutoRun
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit\
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
UserInitMprLogonScript
HKLM\SYSTEM\CurrentControlSet\Control\BootVerificationProgram\ImagePath
HKLM\System\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
HKLM\System\CurrentControlSet\Control\Lsa\OSConfig\Authentication Packages
HKLM\System\CurrentControlSet\Control\Lsa\OSConfig\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\Security Packages
\InprocServer32\(Default);\LocalServer32\(Default);\ScriptletURL\(Default)
C:\Users\Public\;$Recyclebin;\temp\;\Desktop\;\Downloads\;\Content.Outlook\;\Microsoft\Office\
C:\WINDOWS\SYSTEM32\UpdateDeploy.dll
\InprocServer32\(Default);\LocalServer32\(Default);\ScriptletURL\(Default)
C:\WINDOWS\SYSTEM32\UpdateDeploy.dll
\ProgID\(Default);\TreatAs\(Default)
\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Debugger;ReportingMode;MonitorProcess
\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
GlobalFlag
DWORD (0x00000200)
\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\
MonitorProcess
\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\
ReportingMode
DWORD (0x00000001)
\Microsoft\Windows NT\CurrentVersion\SilentProcessExit
CreateKey
\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules\
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{;}\EDGEMITMP_;.tmp\setup.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Microsoft Office\root\integration\integrator.exe
\Installer\setup.exe;C:\Program Files\Google\Chrome Beta\Application\
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\;\OfficeClickToRun.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree
SD
Microsoft\Windows\UpdateOrchestrator
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\SD
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Per-Machine Standalone Update Task\SD
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates\SD
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates Logon\SD
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Performance Monitor\SD
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\SnapshotCleanupTask\SD
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor\SD
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0\SD
Microsoft\Windows\UpdateOrchestrator;\AMDInstallLauncher\SD;\SD;ASUS Switch;\PowerToys\Autorun for
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree
ID
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks
Author
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks
Path
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks
Date
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot
SetValue
\Environment\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
DWORD (0x00000000)
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
DWORD (0x00000000)
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop
DWORD (0x00000000)
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy
\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe
exefile\shell\runas\command\isolatedCommand
\Hidden
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist\
$
DWORD (0x00000000)
HKLM\SYSTEM\CurrentControlSet\Services\SysmonDrv\Parameters
C:\WINDOWS\sysmon64.exe
C:\WINDOWS\sysmon.exe
C:\Programdata\sysmon\sysmon64.exe
C:\Programdata\sysmon\sysmon.exe
C:\Windows\TEMP\sysmon.exe
C:\Windows\TEMP\SYS
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel
MitigationOptions;MitigationAuditOptions
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
MitigationOptions;MitigationAuditOptions
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmcompute.exe\0\MitigationOptions
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vmwp.exe\0\MitigationOptions
msiexec.exe
TiWorker.exe
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
MitigationOptions;MitigationAuditOptions
C:\Program Files\Microsoft Office 15\root\integration\integrator.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Acro
DisableTaskMgr
C:\WINDOWS\system32\svchost.exe
C:\windows\SysWOW64\svchost.exe
HKLM\SYSTEM\CurrentControlSet\
\Instances\;Altitude
HKLM\System\CurrentControlSet\Services\CldFlt\Instances\CldFlt\Altitude
SetValue
\Security\Level
DWORD (0x00000001)
\Security\Level
DWORD (0x00000002)
\Security\Level
DWORD (0x00000003)
\Security\Level
DWORD (0x00000004)
\Outlook\Security
\Security\Level
\Word\Security
\Excel\Security
\Security\Level1Remove
\HideSCAHealth
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
HKLM\SOFTWARE\Microsoft\Security Center\UacDisableNotify
HKLM\SOFTWARE\Microsoft\Security Center\DisableMonitoring
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
HKLM\SOFTWARE\Microsoft\Security Center\FirewallOverride
HKLM\SOFTWARE\Microsoft\Security Center\AllAlertsDisabled
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\RPSessionInterval
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\SystemRestorePointCreationFrequency
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\FullSecureChannelProtection
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\SpyNetReporting
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\
\Enabled
DWORD (0x00000000)
C:\WINDOWS\system32\DrvInst.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\
\Enabled
DWORD (0x00000001)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\
\Enabled
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\
\ChannelAccess
(A;;0x1;;;SY);(A;;0x5;;;BA);(A;;0x1;;;LA)
C:\Windows\servicing\TrustedInstaller.exe;\TiWorker.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows\Powershell\ScriptBlockLogging
\EnableScriptBlockLogging
DWORD (0x00000000)
C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows\Powershell\ScriptBlockLogging
\EnableScriptBlockLogging
DeleteKey;DeleteValue
hklm\software\microsoft\windows\currentversion\policies\system\audit
\ProcessCreationIncludeCmdLine_Enabled
DWORD (0x00000000)
hklm\software\microsoft\windows\currentversion\policies\system\audit
\ProcessCreationIncludeCmdLine_Enabled
DeleteKey;DeleteValue
HKLM\System\CurrentControlSet\Services\Eventlog
\CustomSD
HKLM\System\CurrentControlSet\Services\Eventlog
\MaxSize
globallyopenports
EnableFirewall
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
\Microsoft\.NETFramework\ETWEnabled
DWORD (0x00000000)
\Microsoft\.NETFramework\NGenAssemblyUsageLog
SetValue
\Environment\NGenAssemblyUsageLog
SetValue
\Environment\COMPlus_ETWEnabled
\LastKey
SymbolicLinkValue
\Software\Microsoft\Windows\CurrentVersion\Explorer
\AppData\;\ProgramData\;\Temp\;C:\users
HKLM\System\CurrentControlSet\Control\SecurePipeServers\winreg
\Software\Policies\Microsoft\SystemCertificates\;\SOFTWARE\Microsoft\EnterpriseCertificates\;HKLM\SOFTWARE\Microsoft\SystemCertificates\;HKLM\Software\Microsoft\Cryptography\Services\ServiceName\SystemCertificates\
CreateKey
C:\WINDOWS\Sysmon64.exe
C:\WINDOWS\Sysmon.exe
C:\WINDOWS\system32\certsrv.exe
C:\WINDOWS\system32\CompatTelRunner.exe
C:\WINDOWS\system32\svchost.exe
C:\Windows\SysWOW64\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\windows\SysWOW64\svchost.exe
C:\WINDOWS\System32\DriverStore\FileRepository\asus
C:\ProgramData\Microsoft\Windows Defender\Platform\
C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe
C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
fDenyTSConnections
Terminal Server\WinStations\RDP-Tcp
RDP-tcp\PortNumber
Control\Terminal Server\fSingleSessionPerUser
�
Й;ќ;Л;я;К
HKLM\HARDWARE\ACPI\DSDT
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\Account Name
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\Display Name
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\Email
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\HTTP User
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\IMAP User
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\MAPI Provider
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\POP3 User
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\SMTP User
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\HTTP Password
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\IMAP Password
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\POP3 Password
SOFTWARE\Microsoft\Office\;\Outlook\Profiles\;\9375CFF0413111d3B88A00104B2A6676\;\SMTP Password
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName
SecurityPasswordAES
OptionsPasswordAES
SecurityPasswordExported
PermanentPassword
HKLM\SOFTWARE\GitForWindows
HKLM\SAM\SAM\DOMAINS\Account\Users\Names\
DeleteKey
HKLM\SYSTEM\CurrentControlSet\Control\BitlockerStatus\BootStatus
DWORD (0x00000001)
HKLM\SYSTEM\CurrentControlSet\Control\BitlockerStatus\BootStatus
DWORD (0x00000000)
\Services\VSS\Diag\(Default)
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\Parameters
\LastKey
\WinStationsDisabled
\TSServerDrainMode
\TypedURLs
HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\disabledcomponents
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage\Bind
Binary Data
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
services\http\parameters\urlaclinf
cRecentFiles\c1\
tDIText
\File MRU\Item 1
HKLM\System\CurrentControlSet\Services\SysmonDrv\Parameters\ConfigHash
HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunService
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
CurrentVersion\Windows\Load
CurrentVersion\Windows\Run
CurrentVersion\Winlogon\Shell
CurrentVersion\Winlogon\System
\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
SOFTWARE\Microsoft\.NETFramework\ETWEnabled
\Group Policy\Scripts
Terminal Server\Wds\rdpwd\StartupPrograms
Winlogon\AlternateShells\AvailableShells
Policies\System\Shell
Windows CE Services\AutoStartOnConnect
Windows CE Services\AutoStartOnDisconnect
CurrentVersion\URL
\CurrentVersion\Font Drivers
HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown
CurrentVersion\Windows\IconServiceLib
Active Setup\Installed Components
NullSessionShares
NullSessionPipes
PasswordExpiryNotification
SafeBoot\AlternateShell
Desktop\Scrnsave.exe
\DisplayVersion
\ModifyPath
\Microsoft\Windows\CurrentVersion\Uninstall\
\UninstallString
Terminal Server\WinStations\RDP-Tcp\InitialProgram
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
\Explorer\FileExts\
\shell\install\command\
\ProfileImagePath
\Classes\AllFilesystemObjects\
\Classes\*\
\Software\Microsoft\Ctf\LangBarAddin
\ContextMenuHandlers\
\CurrentVersion\Shell
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellIconOverlayIdentifiers
\Classes\Directory\
\Classes\Drive\
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks
\Classes\Folder\
\Hidden
\HideFileExt
\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
\SOFTWARE\Classes\Protocols\Filter
\SOFTWARE\Classes\Protocols\Handler
\SharedTaskScheduler
\ShowSuperHidden
\ColumnHandlers
\CopyHookHandlers
\ExtShellFolderViews
\PropertySheetHandlers
\ShellServiceObjectDelayLoad
\ShellServiceObjects
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\
HKLM\System\CurrentControlSet\Control\Session Manager\S0InitialCommand
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\InitialProgram
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\
\3\1809
\3\2500
\3\1206
\DisableSecuritySettingsCheck
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
HKLM\SYSTEM\CurrentControlSet\Services\WinSock\
\ProxyServer
SavedLegacySettings
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Proxy
EnableConsoleTracing
EnableFileTracing
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
HKLM\SOFTWARE\Microsoft\Netsh
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders\
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls\
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls\
Office Test\
\Internet Explorer\Toolbar\
\Internet Explorer\Extensions\
\Browser Helper Objects\
{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\
\UrlUpdateInfo
\InstallSource
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\
\Exclusions\Paths
\Exclusions\Extensions
\Exclusions\Processes
TamperProtection
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff
\Software\Policies\Microsoft\Windows\System\Scripts\Logoff
\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logon
\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Shutdown
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
Domain
DHCPDefaultGateway
DhcpIPAddress
DhcpNameserver
Dhcpserver
DhcpSubnetMask
Nameserver
\DefaultGateway
PersistentRoutes
}\Category
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
SubnetMask
\Trusted Documents\TrustRecords
Software\Microsoft\VBA\7.1\Common
Software\Microsoft\VBA\7.1\Trusted
\Security\DontTrustInstalledFiles
\Security\Trusted Locations
Security\ProtectedView\DisableInternetFilesInPV
Security\ProtectedView\DisableAttachmentsInPV
Security\ProtectedView\DisableUnsafeLocationsInPV
Software\WinRAR\ArcHistory
WinZip\mru\
Recent File List
Outlook\WebView\Inbox
Outlook\Today\UserDefinedUrl
Outlook\WebView\Calendar
\Place MRU
\LinkDate
\DriverVerVersion
\DriverVersion
\LowerCaseLongPath
\Publisher
Compatibility Assistant\Store\
\BinProductVersion
Root\InventoryApplicationShortcut\
Root\InventoryDriverBinary
Root\InventoryDriverPackage
Root\InventoryDevicePnp
Root\InventoryDeviceContainer
Root\InventoryApplication\
ProgramID;Name;Version;Publisher;Language;InstallDate;Source;RootDirPath;HiddenArp;UninstallString;RegistryKeyPath;UserSID;sha256
Root\InventoryApplicationFile\
ProgramId;FileId;LowerCaseLongPath;Name;OriginalFileName;Publisher;Version;binfileversion;LinkDate;Size;Language;USN;IsPeFile;IsOsComponent;sha256;AppxPackageFullName
pingsender.exe
Root\InventoryApplicationAppV\
Root\InventoryMiscellaneousOfficeAddIn;Root\InventoryMiscellaneousOfficeIdentifiers;Root\InventoryMiscellaneousOfficeIESettings;Root\InventoryMiscellaneousOfficeInsights;Root\InventoryMiscellaneousOfficeProducts;Root\InventoryMiscellaneousOfficeSettings;Root\InventoryMiscellaneousOfficeVBA;Root\InventoryMiscellaneousOfficeVBARuleViolations
\Control\hivelist
\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume
Drive Type
DWORD (0x00000011)
\Explorer\MountPoints2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices
HKLM\System\CurrentControlSet\services\
\DeleteFlag
DWORD (0x00000001)
HKLM\System\CurrentControlSet\services\
\Type
DWORD (0x00000001)
HKLM\System\CurrentControlSet\services\
\Type
DWORD (0x00000002)
HKLM\System\CurrentControlSet\services\
\Type
DWORD (0x00000004)
HKLM\System\CurrentControlSet\services\
\Type
DWORD (0x00000020)
HKLM\System\CurrentControlSet\services\
\Type
DWORD (0x00000020)
HKLM\System\CurrentControlSet\services\
\Type
DWORD (0x00000100)
HKLM\System\CurrentControlSet\services\
\Group
HKLM\System\CurrentControlSet\services\
\DependOnService
HKLM\System\CurrentControlSet\services\
\BinaryPathName
HKLM\System\CurrentControlSet\services\
\RequiredPrivileges
HKLM\System\CurrentControlSet\services\
\Owners
HKLM\System\CurrentControlSet\services\
\ObjectName
HKLM\System\CurrentControlSet\services\
\ServiceStartName
HKLM\System\CurrentControlSet\services\
\ErrorControl
HKLM\System\CurrentControlSet\services\
\DependOnGroup
HKLM\System\CurrentControlSet\services\
\DisplayName
HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder
\List
HKLM\System\CurrentControlSet\services\
\Type
DWORD (0x00000001)
\ConsentStore\bluetooth
\ConsentStore\contacts
\ConsentStore\hunmanInterfaceDevice
\ConsentStore\location
\ConsentStore\microphone
\ConsentStore\usb\
\ConsentStore\webcam
\ConsentStore\humanInterfaceDevice
LastVisitedMRU
SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\RegEdit
\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR
HKLM\SYSTEM\CurrentControlSet\Control\Safeboot\
C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe;C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe
HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust
HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust
HKLM\SOFTWARE\Microsoft\Cryptography\OID
HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID
HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\ServerLevelPluginDll
Classes\exefile\shell\runas\command\isolatedCommand
\FriendlyName
HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
HKLM\SOFTWARE\Microsoft\Tracing\
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
ndis;rndis
HKLM\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4
\Software\AppDataLow\Software\Microsoft\
.exe;.dll;powershell;wmic
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\lmcompatibilitylevel
DWORD (0x00000005)
Software\Microsoft\Office test\Special\Perf
\CurrentControlSet\Services\NTDS\LsaDbExtPt
\Services\NTDS\DirectoryServiceExtPt
GoToMyPc\FileTransfer\history
GoToMyPc\GuestInvite
Filesharing
DesktopSharing
LogIncomingConnections
LogOutgoingConnections
PermanentPasswordDate
Security_Adminrights
vncviewer\MRU
Autostart_GUI
Meeting_UserName
BuddyLoginName
BuddyLoginTokenID
Always_Online
HKLM\SOFTWARE\Microsoft\CurrentVersion\Policies\System\EnableLinkedConnections
Software\recfg
\Keyboard Layout\Preload\
\Keyboard Layout\Substitutes\
HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\
\Client\Enabled
\Server\Enabled
Kitty\Sessions
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\NtlmMinClientSec
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictSendingNTLMTraffic
PuTTY\Sessions
Terminal Server Client\Servers
WinSCP 2\Sessions
C:\Program Files (x86)\Kaspersky Lab
C:\Program Files\Kaspersky Lab
C:\Program Files (x86)\ESET
C:\Program Files\ESET
\EnableBHO
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports
Control\Print\Environments\Windows x64\Drivers
\Microsoft\.NETFramework;NGenAssemblyUsageLog
\REGISTRY\A\;LocalState\admin_settings
Content.IE5;INetCache
.exe;.zip;.ps1;.bat;.rar;.vbs;.hta
:Zone.Identifier
blob:;about:internet
56ceb6d0011d87b6e4d7023d7ef85676;4f2eb62fa529c0283b28d05ddd311fae;b91ce2fa41029f6955bff20079468448;b91ce2fa41029f6955bff20079468448;846e27a652a5e1bfbd0ddd38a16dc865;2c4a910a1299cdae2a4e55988a2f102e
SHA256=074eb0e75bb2d8f59f1fd571a8c5b76f9c899834893da6f7591b68531f2b5d82
SHA256=45c8233236a69a081ee390d4faa253177180b2bd45d8ed08369e07429ffbe0a9
SHA256=9ceca98c2b24ee30d64184d9d2470f6f2509ed914dafb87604123057a14c57c0
SHA256=29b75f0db3006440651c6342dc3c0672210cfb339141c75e12f6c84d990931c3
SHA256=c8c907a67955bcdf07dd11d35f2a23498fb5ffe5c6b5d7f36870cf07da47bff2
SHA256=76a2f2644cb372f540e179ca2baa110b71de3370bb560aca65dcddbd7da3701e
Startup;Content.Outlook;Downloads;Recycle;\Users\;\ProgramData\;\Windows\;Temp\7z;Temp\;Startup;.vb;.vbe;.vbs;.application;.appref-ms;.bat;.cmd;.cmdline;.docm;.exe;.lnk;.eml;.dll;.sys;.hta;.pptm;.ps1;.sys;.reg;.docm;.xlsm;.xlam;.pptm;.potm;.pptm;.sldm;.scf;.appref-ms;.rdp;.vbs;.js;.pem;.crt;.ca-bundle;.cer;.csr;.der;.p7b;.p7r;.p7s;.pfx;.sto;.p12;.crl;.sst;.key;:bin;.mht;.manifest;.cpl;.scr;.inf
IMPHASH=84B763C45C0E4A3E7CA5548C710DB4EE
IMPHASH=19584675D94829987952432E018D5056
IMPHASH=330768a4f172e10acb6287b87289d83b
IMPHASH=00000000000000000000000000000000
AppData\Local\Microsoft\Windows\AppCache\
\Microsoft\Windows\INetCache\
\Microsoft\Windows\Temporary Internet Files\Content.IE5
\Mozilla\Firefox\Profiles\
.default\prefs-1.js
Microsoft\Windows\Start Menu\Programs\Startup
msagent_;\MSSE-;postex;\status_
\atctl;\userpipe;\iehelper;\sdlrpc;\comnap
\PSEXESVC
-stdin
-stdout
RemCom_
stdin;stdout;stderr;communication
\svcctl
\ntsvcs
ConnectPipe
\lsadump;\cachedump;\wceservicepipe
\9f81f59bc58452127884ce513865ed20
\46a676ab7f179e511e30dd2dc41bd388
tssmp_endpoint
\NamePipe_MoreWindows
\WCEServicePipe
\ahexec
\cachedumppipe
\csexec
\e710f28d59aa529d6792ca6ff0ca1b34
\isapi_dg
\isapi_http
\isapi_http
\lsadump
\lsassw
\paexec
\pcheap_reuse
\gruntsvc
\remcom
\rpchlp_3
\sdlrpc
\winsession
\adschemerpc
\AnonymousPipe
\bc367
\bc31a7
\testPipe
msf-pipe
\atsvc
\isapi_http;\isapi_dg;\isapi_dg2;\sdlrpc;\ahexec;\winsession;\lsassw;\46a676ab7f179e511e30dd2dc41bd388;\9f81f59bc58452127884ce513865ed20;\e710f28d59aa529d6792ca6ff0ca1b34;\rpchlp_3;\NamePipe_MoreWindows;\pcheap_reuse;\gruntsvc;\583da945-62af-10e8-4902-a8f205c72b2e;\bizkaz;\Posh;\jaccdpqnvbrrxlaf;\csexecsvc
\atctl;\userpipe;\iehelper;\sdlrpc;\comnap
\DserNamedPipe;\mypipe-;\windows.update.manager;\ntsvcs_;scerpc_;\demoagent;\PGMessagePipe;\MsFTeWds;\f4c3;\fullduplex_;\msrpc_;\f53f;\rpc_;\spoolss_;\win_svc;\SearchTextHarvester;demoagent_
\wkssvc
\spoolss
\scerpc
\ntsvcs
\SearchTextHarvester
\PGMessagePipe
\MsFteWds
ConnectPipe
\MICROSOFT##WID\tsql\query
\Winsock2\CatalogChangeListener-
-0,
\pipe\
CtxSharefilepipe0
\winreg
Anonymous Pipe
C:\Program Files\Cavelo\Cavelo Agent\cavelo_windows_amd64.exe;C:\Program Files\Cavelo\Cavelo Agent\parser.exe
C:\Program Files (x86)\N-Able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe;\AutomationManager.ScriptRunner64.exe
ConnectPipe
lsass
\SQLLocal\RTCLOCAL
\spoolss
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\LxRun.exe
C:\Windows\System32\SearchIndexer.exe
C:\Windows\System32\smss.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\wininit.exe
C:\Windows\system32\DFSRs.exe
C:\Windows\SystemApps\Microsoft.Windows
C:\Windows\Microsoft.NET\Framework
ngen.exe
C:\Windows\SystemApps\ShellExperienceHost_
ShellExperienceHost.exe
C:\Windows\system32\SearchProtocolHost.exe
\System
ProtectedPrefix\LocalService\FTHPIPE
Exchange Server
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\BIN\OWSTIMER.EXE
C:\Windows\syswow64\snmp.exe
c:\windows\system32\inetsrv\w3wp.exe
\M.E.C.Core.WinRMDataCommunicator.NamedPipe.
C:\Windows\system32\dns.exe
\sql\query
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
\TDLN-
vmware-
\InitShutdown
\MsFteWds
\W32TIME_ALT
\WiFiNetworkManagerTask
\Winsock2CatelogChangeListener
\browser
\epmapper
\eventlog
\scerpc
\wkssvc
\ntapvsrq
\AutomationManagerAgent
Created
type: 16;type: 16
powershell.exe
github
powershell.exe
powershell;cscript.exe;wscript.exe;mshta.exe;bitsadmin.exe;\cmd.exe
.
dropboxapi.com
\Dropbox\Client\Dropbox.exe;\Dropbox\bin\Dropbox.exe;\Oracle\Java\
1drv
\AppData\Local\Microsoft\OneDrive\OneDrive.exe;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe;\Internet Explorer\iexplore.exe;C:\Windows\System32\AppHostRegistrationVerifier.exe;C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe;C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe;C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe;C:\Program Files\Mozilla Firefox\firefox.exe
.box.com;upload
mega.nz;mega.co.nz
privatlab.com
thedoccloud.com;deftsecurity.com;websitetheme.com;highdatabase.com;incomeupdate.com;zupertech.com;panhardware.com;databasegalore.com;avsvmcloud.com;freescanonline.com
tiktok;parler.com;gab.com;mewe.com;4chan;8chan;facebook;fbcdn;twitter;instagram;snapchat
efnet;undernet;freenode;ircnet;.rizon;quakenet;oftc.net;dalnet
.slack.com;discord.;telegram.;rocketchat.;mattermost.;flock.com
advanced-ip-scanner.com
kali.download
0x1f4b0.com;1q2w3.life;1q2w3.website;31.187.64.216;185.193.38.148;aalbbh84.info;adfreetv.ch;adless.io;adplusplus.fr;adrenali.gq;ajcryptominer.com;ajplugins.com;allfontshere.press;altavista.ovh;amhixwqagiz.ru;appelamule.com;arizona-miner.tk;aster18cdn.nl;aster18prx.nl;avero.xyz;averoconnector.com;bauersagtnein.myeffect.net;bhzejltg.info;blazepool;blockmasters;blockmasterscoins;bmnr.pw;bmst.pw;bohemianpool;carry.myeffect.net;cashbeet.com;cdn-code.host;cfceu.duckdns.org;cfcnet.gdn;cfcnet.top;cfcs1.duckdns.org;chainblock.science;cieh.mx;coin-hive.com;coin-service.com;coin-services.info;coiner.site;coinpirate.cf;coinrail.io;coinwebmining.com;cpu2cash.link;cryptaloot.pro;cryptmonero;crypto-loot.com;crypto-pool;crypto-webminer.com;cryptoloot.pro;d-ns.ga;dataservices.download;directprimal.com;dwarfpool;encoding.ovh;eth-pocket.com;eth-pocket.de;eth-pocket.eu;ethereum-pocket.de;ethereum-pocket.eu;ethtrader.de;eu.nimpool.io;eu.sushipool.com;f1tbit.com;flnqmin.org;freecontent.bid;freecontent.date;freecontent.loan;freecontent.racing;freecontent.stream;freecontent.win;gnrdomimplementation.com;graftpool.ovh;greenindex.dynamic-dns.net;gustaver.ddns.net;hashrefinery;hashvault.pro;herphemiste.com;hide.ovh;hk.rs;hlpidkr.ru;hodlers.party;hodling.faith;hostingcloud.win;hrfziiddxa.ru;ihdvilappuxpgiv.ru;imhvlhaelvvbrq.ru;insdrbot.com;irrrymucwxjl.ru;istlandoll.com;ivuovhsn.ru;iwanttoearn.money;ixvenhgwukn.ru;jqassets.download;jqr-cdn.download;jqrcdn.download;jquerrycdn.download;jqwww.download;jqxrrygqnagn.ru;jscoinminer.com;jwduahujge.ru;ksimdw.ru;l33tsite.info;laferia.cr;ledhenone.com;ltstyov.ru;mepirtedic.com;mine.bz;minercircle.com;minercry.pt;minergate;minero.cc;miners.pro;minescripts.info;mininghub.club;miningpoolhubcoins;minr.pw;mixpools.org;mmc.center;mollnia.com;monerise.com;monero.lindon-pool.win;monero;moriaxmr.com;munero.me;mxcdn1.now.sh;mxcdn2.now.sh;myadstats.com;mypool.online;nablabee.com;nanopool.org;nathetsof.com;nicehash;nimiqpool.com;node.philpool.com;npcdn1.now.sh;nunu-
001.now.sh;ogondkskyahxa.ru;ogrid.org;oinkinns.tk;olecintri.com;omine.org;onvid.club;open-hive-server-1.pp.ua;oxwwoeukjispema.ru;pcejuyhjucmkiny.ru;pool.nimiq.watch;pool.nimiqchain.info;pool.porkypool.com;pool.xmr;poolto.be;prohash.net;prohash;proj2018.xyz;pzoifaum.info;ratchetmining.com;realnetwrk.com;reauthenticator.com;rove.cl;ruvuryua.ru;s7ven.com;scaleway.ovh;sentemanactri.com;sickrage.ca/ch;sighash.info;slushpool;soodatmish.com;sparechange.io;statdynamic.com;stati.bid;staticsfs.host;streamplay.to;suprnova.cc;svivqrhrh.ru;sxcdn02.now.sh;sxcdn3.now.sh;sxcdn4.now.sh;sxcdn6.now.sh;synconnector.com;teracycle.net;tercabilis.info;thelifeisbinary.ddns.net;thersprens.com;torrent.pw;ulnawoyyzbljc.ru;unrummaged.com;uoldid.ru;usxmrpool;viaxmr.com;vpzccwpyilvoyg.ru;vzzexalcirfgrf.ru;wbmwss.beetv.net;webmine.cz;webmine.pro;webminepool.tk;webminerpool.com;webwidgetz.duckdns.org;wmemsnhgldd.ru;wmtech.website;wmwmwwfmkvucbln.ru;wrxgandsfcz.ru;xmrm.pw;xmrminingproxy.com;xmrpool;yiimp;yuyyio.com;zavzlen.ru;zergpool;zergpoolcoins;ziykrgc.ru;zlx.com.br;zpool;analytics.blue;estream.to
graph.microsoft.com
dl.dropboxusercontent.com
api.onedrive.com
zoom.us
teamviewer
Screenconnect
census
researchscan
scanhub
shadow
shodan
.download
.kp
.su
.ss
.xn
.sy
.ve
.xxx
.cn
.click
.club
.ir
.ru
.host
.icu
.pw
.website
.ninja
.rocks
.top
.ua
.xyz
kuternull.com;rimrun.com;0ffice36o;asushotfix;infestexe;rahasn.webhop.org;rahasn.akamake.net;rahasn.homewealth.biz;winodwsupdates;israirairlines
githubusercontent.com;github.com
api.ipify.org;whatismyipaddress.com;edns.ip-api.com;checkip.dyndns.org;icanhazip.com;ifconfig.me;ifconfig.co;ipaddress.com;ipecho.net;ident.me;api.ip.sb;www.myexternalip.com;ip.anysrc.net;wtfismyip.com;myexternalip.com;ipecho.net;checkip.amazonaws.com;goo.gl;git.io;bit.ly;ow.ly;ip-api.com
tiny-share.com;paste.ee;pastebin.com
afraid.org;duckdns.org;changeip.com;ddns.net;hopto.org;zapto.org;servehttp.com;sytes.net;whoer.net;bravica.net;ip.webmasterhome.cn;whatsmyip.us;myip.kz;ip-addr.es;curlmyip;anysrc.net;anysrc.net;dlinkddns.com;no-ip.com;no-ip.org;no-ip.biz;no-ip.info;noip.com
darknet.to;hiddenservice.net;onion.cab;onion.city;onion.direct;onion.nu;onion.pet;onion.plus;onion.rip;onion.sh;onion.si;onion.to;onion.top;onion.ws;tor-gateways.de;tor2net.com;tor2web.blutmagie.de;tor2web.fi;tor2web.info;tor2web.io;tor2web.org
adblock.mydns.network;ibksturm.synology.me;jcdns.fun;ibuki.cgnat.net;dns.twnic.tw;commons.host;doh.dnswarden.com;dns-nyc.aaflalo.me;dns.aaflalo.me;doh.appliedprivacy.net;doh.captnemo.in;doh.tiar.app;doh.tiarap.org;doh.defaultroutes.de;doh.dns.sb;dns.oszx.co;2.dnscrypt-cert.oszx.co;dnscrypt;edns.233py.com;hk-dns.233py.com;hk2dns.233py.com;hkdns.233py.com;hkdns.233py.com;ndns.233py.com;sdns.233py.com;wdns.233py.com;pastebin.com;dns.adguard.com;dns-family.adguard.com;security-filter-dns.cleanbrowsing.org;family-filter-dns.cleanbrowsing.org;adult-filter-dns.cleanbrowsing.org;cloudflare-dns.com;mozilla.cloudflare-dns.com;dns.233py.com;dns.aaflalo.me;dns.google;doh.opendns.com;dns.quad9.net;dns9.quad9.net;dns10.quad9.net;dns11.quad9.net;doh.xfinity.com;dns.nextdns.io;dns.dnsoverhttps.net;doh.crypto.sx;doh.powerdns.org;doh-ch.blahdns.com;doh-de.blahdns.com;dns.rubyfish.cn;dns.containerpi.com;doh-2.seby.io;doh.seby.io;rdns.faelix.net;doh.li;doh.armadillodns.net;doh.netweaver.uk;doh.42l.fr;dns.aa.net.uk
gc._msdcs.
_kerberos._tcp.dc._msdcs.
_kerberos._udp.dc._msdcs.
_ldap._tcp.pdc._msdcs.
wpad
_ldap.
C:\Windows\
unknown process
C:\ProgramData\Microsoft\Windows Defender\Platform\;\Windows Defender\MsMpEng.exe;C:\Windows\
System;svchost.exe;services.exe;unknown process;\;;
C:\Program Files\Cavelo\Cavelo Agent\cavelo_windows_amd64.exe;C:\PROGRA~2\BEANYW~1\GETSUP~1\TCIntegratorCommHelper.exe;C:\ProgramData\Cavelo\jre\bin\java.exe;C:\Program Files\SentinelOne\;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\NableUpdateService.exe;C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe;C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe;C:\Program Files (x86)\lpagent\lpagent.exe;C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe;C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableReactiveManagement.exe;C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe;C:\Program Files (x86)\N-able Technologies\AutomationManagerEngine\2.70.0.4\AutomationManager.ScriptRunner64.exe
C:\Program Files (x86)\Admin Arsenal\
C:\Program Files (x86)\CheckPoint\
C:\Program Files (x86)\Fortinet\
C:\Program Files\SentinelOne\
\Ranger\SentinelRanger.exe
C:\Program Files (x86)\OpenDNS\OpenDNS Connector
C:\Program Files (x86)\Razer\Razer Services\
C:\Program Files (x86)\Trend Micro\
C:\Program Files (x86)\VMware
C:\Program Files (x86)\Veeam\
C:\Program Files\CheckPoint\
C:\Program Files\Trend Micro\
Slack.exe
ConnectWise.exe
git-remote-https.exe
C:\Program Files (x86)\Enpass\Enpass.exe
C:\Program Files (x86)\Fiserv\Vision\VisionGUI.NET.exe
C:\Program Files (x86)\Fortinet\FortiClient\update_task.exe
C:\Program Files (x86)\Lenovo\System Update\Tvsukernel.exe
C:\Program Files\VMware\vCenter Server\jre\bin\java.exe
C:\Program Files\VMware\vCenter Server\python\python.exe
C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Manager.exe
C:\Windows\SysWOW64\SearchProtocolHost.exe
C:\Windows\System32\dsregcmd.exe
C:\Windows\sysmon64.exe
C:\Windows\sysmon.exe
brave-sync.s3.dualstack.
.salesforceliveagent.com
ads-serve.brave.com
.msftncsi.com
..localmachine
-pushp.svc.ms
.b-msedge.net
.bing.com
.hotmail.com
.live.com
.live.net
.microsoft.com
.microsoftonline.com
.microsoftstore.com
.ms-acdc.office.com
.msedge.net
.msn.com
.msocdn.com
.s-microsoft.com
.skype.com
.skype.net
.windows.com
.windows.net.nsatc.net
.windowsupdate.com
.xboxlive.com
login.windows.net
.activedirectory.windowsazure.com
.msauth.net
.msftauth.net
.opinsights.azure.com
management.azure.com
outlook.office365.com
portal.azure.com
.mozaws.net
.mozilla.com
.mozilla.net
.mozilla.org
.spotify.com
.spotify.map.fastly.net
googleapis.com
clients1.google.com
clients2.google.com
clients3.google.com
clients4.google.com
clients5.google.com
clients6.google.com
cloudsearch.googleapis.com
id.google.com
safebrowsing.googleapis.com
www.googleapis.com
.akadns.net
.netflix.com
.typekit.net
aspnetcdn.com
ajax.googleapis.com
cdnjs.cloudflare.com
cdnjs.cloudflare.com
fonts.googleapis.com
.steamcontent.com
.disqus.com
.fontawesome.com
disqus.com
.1rx.io
.2mdn.net
.adadvisor.net
.adap.tv
.addthis.com
.adform.net
.adnxs.com
.adroll.com
.adrta.com
.adsafeprotected.com
.adsrvr.org
.advertising.com
.amazon-adsystem.com
.amazon-adsystem.com
.analytics.yahoo.com
.aol.com
.betrad.com
.bidswitch.net
.casalemedia.com
.chartbeat.net
.cnn.com
.convertro.com
.criteo.com
.criteo.net
.crwdcntrl.net
.demdex.net
.domdex.com
.dotomi.com
.doubleclick.net
.doubleverify.com
.emxdgt.com
.exelator.com
.google-analytics.com
.googleadservices.com
.googlesyndication.com
.googletagmanager.com
.googlevideo.com
.gstatic.com
.gvt1.com
.gvt2.com
.ib-ibi.com
.jivox.com
.mathtag.com
.moatads.com
.moatpixel.com
.mookie1.com
.myvisualiq.net
.netmng.com
.nexac.com
.nexac.com
.openx.net
.optimizely.com
.outbrain.com
.pardot.com
.phx.gbl
.pinterest.com
.pubmatic.com
.quantcount.com
.quantserve.com
.revsci.net
.rfihub.net
.rlcdn.com
.rubiconproject.com
.scdn.co
.scorecardresearch.com
.serving-sys.com
.sharethrough.com
.simpli.fi
.sitescout.com
.smartadserver.com
.snapads.com
.spotxchange.com
.taboola.com
.taboola.map.fastly.net
.tapad.com
.tidaltv.com
.trafficmanager.net
.tremorhub.com
.tribalfusion.com
.turn.com
.twimg.com
.tynt.com
.w55c.net
.ytimg.com
.zorosrv.com
ads.yahoo.com
1rx.io
adservice.google.com
ampcid.google.com
clientservices.googleapis.com
d29x207vrinatv.cloudfront.net
googleadapis.l.google.com
imasdk.googleapis.com
l.google.com
ml314.com
mtalk.google.com
update.googleapis.com
www.googletagservices.com
.pscp.tv
adsniper.ru
cdnvideo.ru
chat.minergate.com
cwsa.minergate.com
forum.minergate.com
leadlab.click
mc.yandex.ru
pool.ntp.org
vmg.host
yandex.ru
.adobe.com
.autodesk.com
.avast.com
.avcdn.net
.cdn.bitdefender.net
.digicert.com
.eset.com
.globalsign.com
.globalsign.net
.intuit.com
.java.com
.macromedia.com
.oracle.com
.quickbooks.com
.usertrust.com
amazontrust.com
ocsp.identrust.com
pki.goog
ads.playground.xyz
citrixupdates.cloud.com
forticlient.fortinet.net
mft10.onbaseonline.com
msocsp.com
ocsp.comodoca.com
ocsp.cybertrust.ne.jp
ocsp.entrust.net
ocsp.entrust.net
ocsp.godaddy.com
ocsp.int-x3.letsencrypt.org
ocsp.intel.com
ocsp.msocsp.com
ocsp.quovadisglobal.com
ocsp.quovadisoffshore.com
ocsp.sectigo.com
ocsp.starfieldtech.com
ocsp.thawte.com
ocsp.trustwave.com
ocsp.verisign.com
pki-goog.l.google.com
pki.intel.com
scrootca1.ocsp.secomtrust.net
scrootca2.ocsp.secomtrust.net
stats.anchor.host
status.rapidssl.com
status.thawte.com
ts-ocsp.ws.symantec.com
upgrade.bitdefender.com
.;>;unknown;anonymous
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Symantec\
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Symantec\
\BHO\ie_to_edge_stub.exe;\Microsoft\Teams\;\Vivaldi\Application\;Google\Chrome\;Google\Update;BraveSoftware\Brave-Browser\;Edge\Application\;EdgeUpdate\Install\;Program Files\SmartGit\
\appdata\local\google\chrome\user data\swreporter\;software_reporter_tool.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
NETWORK SERVICE; LOCAL SERVICE
C:\Users\
\Downloads
C:\Users\
Content.Outlook
.exe
.dll
.sys
.ocx
.scr
.cpl
.efi
.drv
.ax
.com
.acm
.mui
.ime
.tsp
.tmp
.ico
C:\Windows\system32\MpSigStub.exe
powershell.exe;powershell_ise.exe;pwsh.exe;Sqlps.exe
cmd.exe;conhost.exe
C:\Users\Public\
C:\Perflogs\
C:\Windows\Fonts\
C:\Windows\debug\
C:\Windows\Tasks\
C:\Windows\tracing\
C:\Windows\Help\
C:\Windows\Logs\
C:\Windows\System32\spool\SERVERS\
C:\Windows\System32\spool\PRINTERS\
C:\Windows\Help\
C:\Windows\SysWOW64\Tasks
C:\ProgramData\Intel
C:\ProgramData\Mozilla
C:\ProgramData\chocolatey\
C:\ProgramData\Microsoft\DeviceSync
C:\ProgramData\Microsoft\PlayReady
C:\ProgramData\Microsoft\User Account Pictures
C:\ProgramData\Microsoft\Office\Heartbeat
C:\ProgramData\Microsoft\Windows\WER
C:\Users\All Users\
C:\Users\;\Music\
C:\Users\;\Pictures\
C:\Users\;\Videos\
C:\Users\;\Contacts\
.7z.exe
.doc.exe
.docm.exe
.docx.exe
.htm.exe
.html.exe
.iso.exe
.lnk.exe
.pdf.exe
.ppt.exe
.pptx.exe
.rar.exe
.rtf.exe
.txt.exe
.xls.exe
.xlsm.exe
.xlsx.exe
.zip.exe
\EntenLoader.exe
\SysmonQuiet.exe
\SharpEvtMute.exe
\EvtMuteHook.dll
\SysmonEOP.exe
IMPHASH=BCCA3C247B619DCD13C8CDFF5F123932
IMPHASH=3A19059BD7688CB88E70005F18EFC439
IMPHASH=bf6223a49e45d99094406777eb6004ba
IMPHASH=0C106686A31BFE2BA931AE1CF6E9DBC6
IMPHASH=0D1447D4B3259B3C2A1D4CFB7ECE13C3
IMPHASH=1B0369A1E06271833F78FFA70FFB4EAF
IMPHASH=4C1B52A19748428E51B14C278D0F58E3
IMPHASH=4D927A711F77D62CEBD4F322CB57EC6F
IMPHASH=66EE036DF5FC1004D9ED5E9A94A1086A
IMPHASH=672B13F4A0B6F27D29065123FE882DFC
IMPHASH=6BBD59CEA665C4AFCC2814C1327EC91F
IMPHASH=725BB81DC24214F6ECACC0CFB36AD30D
IMPHASH=9528A0E91E28FBB88AD433FEABCA2456
IMPHASH=9DA6D5D77BE11712527DCAB86DF449A3
IMPHASH=A6E01BC1AB89F8D91D9EAB72032AAE88
IMPHASH=B24C5EDDAEA4FE50C6A96A2A133521E4
IMPHASH=D21BBC50DCC169D7B4D0F01962793154
IMPHASH=FCC251CCEAE90D22C392215CC9A2D5D6
IMPHASH=23867A89C2B8FC733BE6CF5EF902F2D1
IMPHASH=A37FF327F8D48E8A4D2F757E1B6E70BC
IMPHASH=F9A28C458284584A93B14216308D31BD
IMPHASH=6118619783FC175BC7EBECFF0769B46E
IMPHASH=959A83047E80AB68B368FDB3F4C6E4EA
IMPHASH=563233BFA169ACC7892451F71AD5850A
IMPHASH=87575CB7A0E0700EB37F2E3668671A08
IMPHASH=13F08707F759AF6003837A150A371BA1
IMPHASH=1781F06048A7E58B323F0B9259BE798B
IMPHASH=233F85F2D4BC9D6521A6CAAE11A1E7F5
IMPHASH=24AF2584CBF4D60BBE5C6D1B31B3BE6D
IMPHASH=632969DDF6DBF4E0F53424B75E4B91F2
IMPHASH=713C29B396B907ED71A72482759ED757
IMPHASH=749A7BB1F0B4C4455949C0B2BF7F9E9F
IMPHASH=8628B2608957A6B0C6330AC3DE28CE2E
IMPHASH=8B114550386E31895DFAB371E741123D
IMPHASH=94CB940A1A6B65BED4D5A8F849CE9793
IMPHASH=9D68781980370E00E0BD939EE5E6C141
IMPHASH=B18A1401FF8F444056D29450FBC0A6CE
IMPHASH=CB567F9498452721D77A451374955F5F
IMPHASH=730073214094CD328547BF1F72289752
IMPHASH=17B461A082950FC6332228572138B80C
IMPHASH=DC25EE78E2EF4D36FAA0BADF1E7461C9
IMPHASH=819B19D53CA6736448F9325A85736792
IMPHASH=829DA329CE140D873B4A8BDE2CBFAA7E
IMPHASH=C547F2E66061A8DFFB6F5A3FF63C0A74
IMPHASH=0588081AB0E63BA785938467E1B10CCA
IMPHASH=0D9EC08BAC6C07D9987DFD0F1506587C
IMPHASH=BC129092B71C89B4D4C8CDF8EA590B29
IMPHASH=4DA924CF622D039D58BCE71CDF05D242
IMPHASH=E7A3A5C377E2D29324093377D7DB1C66
IMPHASH=9A9DBEC5C62F0380B4FA5FD31DEFFEDF
IMPHASH=AF8A3976AD71E5D5FDFB67DDB8DADFCE
IMPHASH=0C477898BBF137BBD6F2A54E3B805FF4
IMPHASH=0CA9F02B537BCEA20D4EA5EB1A9FE338
IMPHASH=3AB3655E5A14D4EEFC547F4781BF7F9E
IMPHASH=E6F9D5152DA699934B30DAAB206471F6
IMPHASH=3AD59991CCF1D67339B319B15A41B35D
IMPHASH=FFDD59E0318B85A3E480874D9796D872
IMPHASH=0CF479628D7CC1EA25EC7998A92F5051
IMPHASH=07A2D4DCBD6CB2C6A45E6B101F0B6D51
IMPHASH=D6D0F80386E1380D05CB78E871BC72B1
IMPHASH=38D9E015591BBFD4929E0D0F47FA0055
IMPHASH=0E2216679CA6E1094D63322E3412D650
IMPHASH=ADA161BF41B8E5E9132858CB54CAB5FB
IMPHASH=2A1BC4913CD5ECB0434DF07CB675B798
IMPHASH=11083E75553BAAE21DC89CE8F9A195E4
IMPHASH=A23D29C9E566F2FA8FFBB79267F5DF80
IMPHASH=4A07F944A83E8A7C2525EFA35DD30E2F
IMPHASH=767637C23BB42CD5D7397CF58B0BE688
IMPHASH=14C4E4C72BA075E9069EE67F39188AD8
IMPHASH=3C782813D4AFCE07BBFC5A9772ACDBDC
IMPHASH=7D010C6BB6A3726F327F7E239166D127
IMPHASH=89159BA4DD04E4CE5559F132A9964EB3
IMPHASH=6F33F4A5FC42B8CEC7314947BD13F30F
IMPHASH=5834ED4291BDEB928270428EBBAF7604
IMPHASH=5A8A8A43F25485E7EE1B201EDCBC7A38
IMPHASH=DC7D30B90B2D8ABF664FBED2B1B59894
IMPHASH=41923EA1F824FE63EA5BEB84DB7A3E74
IMPHASH=3DE09703C8E79ED2CA3F01074719906B
IMPHASH=A53A02B997935FD8EEDCB5F7ABAB9B9F
IMPHASH=E96A73C7BF33A464C510EDE582318BF2
IMPHASH=32089B8851BBF8BC2D014E9F37288C83
IMPHASH=09D278F9DE118EF09163C6140255C690
IMPHASH=03866661686829d806989e2fc5a72606
IMPHASH=e57401fbdadcd4571ff385ab82bd5d6d
IMPHASH=84B763C45C0E4A3E7CA5548C710DB4EE
IMPHASH=19584675D94829987952432E018D5056
IMPHASH=330768A4F172E10ACB6287B87289D83B
IMPHASH=885C99CCFBE77D1CBFCB9C4E7C1A3313
IMPHASH=22A22BC9E4E0D2F189F1EA01748816AC
IMPHASH=7FA30E6BB7E8E8A69155636E50BF1B28
IMPHASH=96DF3A3731912449521F6F8D183279B1
IMPHASH=7E6CF3FF4576581271AC8A313B2AAB46
IMPHASH=51791678F351C03A0EB4E2A7B05C6E17
IMPHASH=25CE42B079282632708FC846129E98A5
MD5=7B17F15713FCF13C764535AA2BDF52AA
SHA1=4E18320493042BCD7D21B53E258974BC460ACC78
SHA256=477DFE485F5BD9540CC83E88FC04AAFB6DE49CF1ADC6BD857D5D6F4C1730A6D1
winword.exe
excel.exe
powerpnt.exe
msaccess.exe
mspub.exe
eqnedt32.exe
visio.exe
wordpad.exe
wordview.exe
msohtmed.exe
onenote.exe
onenotem.exe
onenoteim.exe
certutil.exe
certoc.exe
CertReq.exe
Desktopimgdownldr.exe
esentutl.exe
finger.exe
notepad.exe
AcroRd32.exe
RdrCEF.exe
calc.exe
mspaint.exe
hh.exe
control.exe
CMSTP.exe
installutil.exe
mshta.exe
msiexec.exe
Odbcconf.exe
Regsvcs.exe;Regasm.exe
regsvr32.exe
Rundll32.exe
Verclsid.exe
mavinject.exe;mavinject64.exe
mmc.exe
Appvlp.exe;InfDefaultInstall.EXE;PresentationHost.exe;Register-cimprovider.exe;RegisterCimProvider2.exe;RegisterCimProvider.exe;ScriptRunner.exe;appcmd.exe;csi.exe;devtoolslauncher.exe;diskshadow.exe;extexport.exe;jjs.exe;msconfig.EXE;msdt.exe;rasautou.exe;rasdlui.exe;replace.exe;tttracer.exe;wab.exe;wsreset.exe
SHA256=7ad0ab23023bc500c3b46f414a8b363c5f8700861bc4745cecc14dd34bcee9ed
SHA256=0aafa9f47acf69d46c9542985994ff5321f00842a28df2396d4a3076776a83cb
SHA256=0ae8d1dd56a8a000ced74a627052933d2e9bff31d251de185b3c0c5fc94a44db
SHA256=0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05
SHA256=0b2ad05939b0aabbdc011082fad7960baa0c459ec16a2b29f37c1fa31795a46d
SHA256=0b542e47248611a1895018ec4f4033ea53464f259c74eb014d018b19ad818917
SHA256=0bc3685b0b8adc97931b5d31348da235cd7581a67edf6d79913e6a5709866135
SHA256=0be4912bfd7a79f6ebfa1c06a59f0fb402bd4fe0158265780509edd0e562eac1
SHA256=0c512b615eac374d4d494e3c36838d8e788b3dc2691bf27916f7f42694b14467
SHA256=0cd4ca335155062182608cad9ef5c8351a715bce92049719dd09c76422cd7b0c
SHA256=0ce40a2cdd3f45c7632b858e8089ddfdd12d9acb286f2015a4b1b0c0346a572c
SHA256=0cf6c6c2d231eaf67dfc87561cc9a56ecef89ab50baafee5a67962748d51faf3
SHA256=0d3790af5f8e5c945410929e31d06144a471ac82f828afe89a4758a5bbeb7f9f
SHA256=0da746e49fd662be910d0e366934a7e02898714eaaa577e261ab40eb44222b5c
SHA256=0de4247e72d378713bcf22d5c5d3874d079203bb4364e25f67a90d5570bdcce8
SHA256=0e53b58415fa68552928622118d5b8a3a851b2fc512709a90b63ba46acda8b6b
SHA256=0ebaef662b14410c198395b13347e1d175334ec67919709ad37d65eba013adff
SHA256=0ee5067ce48883701824c5b1ad91695998916a3702cf8086962fbe58af74b2d6
SHA256=0f016c80c4938fbcd47a47409969b3925f54292eba2ce01a8e45222ce8615eb8
SHA256=0f17e5cfc5bdd74aff91bfb1a836071345ba2b5d1b47b0d5bf8e7e0d4d5e2dbf
SHA256=0f035948848432bc243704041739e49b528f35c82a5be922d9e3b8a4c44398ff
SHA256=0fd2df82341bf5ebb8a53682e60d08978100c01acb0bed7b6ce2876ada80f670
SHA256=01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd
SHA256=01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece
SHA256=1a4f7d7926efc3e3488758ce318246ea78a061bde759ec6c906ff005dd8213e5
SHA256=1a42ebde59e8f63804eaa404f79ee93a16bb33d27fb158c6bfbe6143226899a0
SHA256=1aaa9aef39cb3c0a854ecb4ca7d3b213458f302025e0ec5bfbdef973cca9111c
SHA256=1aaf4c1e3cb6774857e2eef27c17e68dc1ae577112e4769665f516c2e8c4e27b
SHA256=1afa03118f87b62c59a97617e595ebb26dde8dbdd16ee47ef3ddd1097c30ef6a
SHA256=1b00d6e5d40b1b84ca63da0e99246574cdd2a533122bc83746f06c0d66e63a6e
SHA256=1b7fb154a7b7903a3c81f12f4b094f24a3c60a6a8cffca894c67c264ab7545fa
SHA256=1c8dfa14888bb58848b4792fb1d8a921976a9463be8334cff45cc96f1276049a
SHA256=1c1251784e6f61525d0082882a969cb8a0c5d5359be22f5a73e3b0cd38b51687
SHA256=1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8
SHA256=1ddfe4756f5db9fb319d6c6da9c41c588a729d9e7817190b027b38e9c076d219
SHA256=1e0eb0811a7cf1bdaf29d3d2cab373ca51eb8d8b58889ab7728e2d3aed244abe
SHA256=1e8b0c1966e566a523d652e00f7727d8b0663f1dfdce3b9a09b9adfaef48d8ee
SHA256=1e16a01ef44e4c56e87abfbe03b2989b0391b172c3ec162783ad640be65ab961
SHA256=1ee59eb28688e73d10838c66e0d8e011c8df45b6b43a4ac5d0b75795ca3eb512
SHA256=1f4d4db4abe26e765a33afb2501ac134d14cadeaa74ae8a0fae420e4ecf58e0c
SHA256=1f8168036d636aad1680dd0f577ef9532dbb2dad3591d63e752b0ba3ee6fd501
SHA256=2a6db9facf9e13d35c37dd468be04bae5f70c6127a9aee76daebddbdec95d486
SHA256=2a9d481ffdc5c1e2cb50cf078be32be06b21f6e2b38e90e008edfc8c4f2a9c4e
SHA256=2a652de6b680d5ad92376ad323021850dab2c653abf06edf26120f7714b8e08a
SHA256=2a6212f3b68a6f263e96420b3607b31cfdfe51afff516f3c87d27bf8a89721e8
SHA256=2aa1b08f47fbb1e2bd2e4a492f5d616968e703e1359a921f62b38b8e4662f0c4
SHA256=2afdb3278a7b57466a103024aef9ff7f41c73a19bab843a8ebf3d3c4d4e82b30
SHA256=2b4c7d3820fe08400a7791e2556132b902a9bbadc1942de57077ecb9d21bf47a
SHA256=2b120de80a5462f8395cfb7153c86dfd44f29f0776ea156ec4a34fa64e5c4797
SHA256=2b186926ed815d87eaf72759a69095a11274f5d13c33b8cc2b8700a1f020be1d
SHA256=2bbc6b9dd5e6d0327250b32305be20c89b19b56d33a096522ee33f22d8c82ff1
SHA256=2bbe65cbec3bb069e92233924f7ee1f95ffa16173fceb932c34f68d862781250
SHA256=2bf29a2df52110ed463d51376562afceac0e80fbb1033284cf50edd86c406b14
SHA256=2ce81759bfa236913bbbb9b2cbc093140b099486fd002910b18e2c6e31fdc4f1
SHA256=2d2c7ee9547738a8a676ab785c151e8b48ed40fe7cf6174650814c7f5f58513b
SHA256=2d83ccb1ad9839c9f5b3f10b1f856177df1594c66cbbc7661677d4b462ebf44d
SHA256=2d195cd4400754cc6f6c3f8ab1fe31627932c3c1bf8d5d0507c292232d1a2396
SHA256=2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e
SHA256=2e6b339597a89e875f175023ed952aaac64e9d20d457bbc07acf1586e7fe2df8
SHA256=2e665962c827ce0adbd29fe6bcf09bbb1d7a7022075d162ff9b65d0af9794ac0
SHA256=2ef7df384e93951893b65500dac6ee09da6b8fe9128326caad41b8be4da49a1e
SHA256=2f60536b25ba8c9014e4a57d7a9a681bd3189fa414eea88c256d029750e15cae
SHA256=2fbbc276737047cb9b3ba5396756d28c1737342d89dce1b64c23a9c4513ae445
SHA256=03e0581432f5c8cc727a8aa387f5b69ff84d38d0df6f1226c19c6e960a81e1e9
SHA256=3a5ec83fe670e5e23aef3afa0a7241053f5b6be5e6ca01766d6b5f9177183c25
SHA256=3a65d14fd3b1b5981084cdbd293dc6f4558911ea18dd80177d1e5b54d85bcaa0
SHA256=3a95cc82173032b82a0ffc7d2e438df64c13bc16b4574214c9fe3be37250925e
SHA256=3ac5e01689a3d745e60925bc7faca8d4306ae693e803b5e19c94906dc30add46
SHA256=3b6e85c8fed9e39b21b2eab0b69bc464272b2c92961510c36e2e2df7aa39861b
SHA256=3c5d7069f85ec1d6f58147431f88c4d7c48df73baf94ffdefd664f2606baf09c
SHA256=3c6f9917418e991ed41540d8d882c8ca51d582a82fd01bff6cdf26591454faf5
SHA256=3c7e5b25a33a7805c999d318a9523fcae46695a89f55bbdb8bb9087360323dfc
SHA256=3c18ae965fba56d09a65770b4d8da54ccd7801f979d3ebd283397bc99646004b
SHA256=3c4207c90c97733fae2a08679d63fbbe94dfcf96fdfdf88406aa7ab3f80ea78f
SHA256=3cb75429944e60f6c820c7638adbf688883ad44951bca3f8912428afe72bc134
SHA256=3d9e83b189fcf5c3541c62d1f54a0da0a4e5b62c3243d2989afc46644056c8e3
SHA256=3d23bdbaf9905259d858df5bf991eb23d2dc9f4ecda7f9f77839691acef1b8c4
SHA256=3e1d47a497babbfd1c83905777b517ec87c65742bee7eb57a2273eca825d2272
SHA256=3e07bb866d329a2f9aaa4802bad04fdac9163de9bf9cfa1d035f5ca610b4b9bf
SHA256=3e9b62d2ea2be50a2da670746c4dbe807db9601980af3a1014bcd72d0248d84c
SHA256=3e274df646f191d2705c0beaa35eeea84808593c3b333809f13632782e27ad75
SHA256=3ec5ad51e6879464dfbccb9f4ed76c6325056a42548d5994ba869da9c4c039a8
SHA256=3f2fda9a7a9c57b7138687bbce49a2e156d6095dddabb3454ea09737e02c3fa5
SHA256=3f9530c94b689f39cc83377d76979d443275012e022782a600dcb5cad4cca6aa
SHA256=3fa6379951f08ed3cb87eeba9cf0c5f5e1d0317dcfcf003b810df9d795eeb73e
SHA256=3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6
SHA256=3ff39728f1c11d1108f65ec5eb3d722fd1a1279c530d79712e0d32b34880baaa
SHA256=04a85e359525d662338cae86c1e59b1d7aa9bd12b920e8067503723dc1e03162
SHA256=4a3d4db86f580b1680d6454baee1c1a139e2dde7d55e972ba7c92ec3f555dce2
SHA256=4a9093e8dbcb867e1b97a0a67ce99a8511900658f5201c34ffb8035881f2dbbe
SHA256=4ab41816abbf14d59e75b7fad49e2cb1c1feb27a3cb27402297a2a4793ff9da7
SHA256=4b4c925c3b8285aeeab9b954e8b2a0773b4d2d0e18d07d4a9d268f4be90f6cae
SHA256=4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1
SHA256=4bc0921ffd4acc865525d3faf98961e8decc5aec4974552cbbf2ae8d5a569de4
SHA256=4cff6e53430b81ecc4fae453e59a0353bcfe73dd5780abfc35f299c16a97998e
SHA256=4d19ee789e101e5a76834fb411aadf8229f08b3ece671343ad57a6576a525036
SHA256=4d0580c20c1ba74cf90d44c82d040f0039542eea96e4bbff3996e6760f457cee
SHA256=4da08c0681fbe028b60a1eaf5cb8890bd3eba4d0e6a8b976495ddcd315e147ba
SHA256=4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80
SHA256=4e37592a2a415f520438330c32cfbdbd6af594deef5290b2fa4b9722b898ff69
SHA256=05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748
SHA256=5a826b4fa10891cf63aae832fc645ce680a483b915c608ca26cedbb173b1b80a
SHA256=5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a
SHA256=5b3705b47dc15f2b61ca3821b883b9cd114d83fcc3344d11eb1d3df495d75abe
SHA256=5b9623da9ba8e5c80c49473f40ffe7ad315dcadffc3230afdc9d9226d60a715a
SHA256=5bd41a29cbba0d24e639f49d1f201b9bd119b11f5e3b8a5fefa3a5c6f1e7692c
SHA256=5c0b429e5935814457934fa9c10ac7a88e19068fa1bd152879e4e9b89c103921
SHA256=5c04c274a708c9a7d993e33be3ea9e6119dc29527a767410dbaf93996f87369a
SHA256=5cfad3d473961763306d72c12bd5ae14183a1a5778325c9acacca764b79ca185
SHA256=5d530e111400785d183057113d70623e17af32931668ab7c7fc826f0fd4f91a3
SHA256=5ee292b605cd3751a24e5949aae615d472a3c72688632c3040dc311055b75a92
SHA256=5f5e5f1c93d961985624768b7c676d488c7c7c1d4c043f6fc1ea1904fefb75be
SHA256=5f7e47d728ac3301eb47b409801a0f4726a435f78f1ed02c30d2a926259c71f3
SHA256=5f69d6b167a1eeca3f6ac64785c3c01976ee7303171faf998d65852056988683
SHA256=5f6547e9823f94c5b94af1fb69a967c4902f72b6e0c783804835e6ce27f887b0
SHA256=5f20541f859f21b3106e12d37182b1ea39bb75ffcfcddb2ece4f6edd42c0bab2
SHA256=5f487829527802983d5c120e3b99f3cf89333ca14f5e49ac32df0798cfb1f7aa
SHA256=5fad3775feb8b6f6dcbd1642ae6b6a565ff7b64eadfc9bf9777918b51696ab36
SHA256=06bda5a1594f7121acd2efe38ccb617fbc078bb9a70b665a5f5efd70e3013f50
SHA256=6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5
SHA256=6b830ea0db6546a044c9900d3f335e7820c2a80e147b0751641899d1a5aa8f74
SHA256=6befa481e8cca8084d9ec3a1925782cd3c28ef7a3e4384e034d48deaabb96b63
SHA256=6bfc0f425de9f4e7480aa2d1f2e08892d0553ed0df1c31e9bf3d8d702f38fa2e
SHA256=6c7120e40fc850e4715058b233f5ad4527d1084a909114fd6a36b7b7573c4a44
SHA256=6c64688444d3e004da77dcfb769d064bb38afceeef7ff915dfc71e60e19ff18a
SHA256=6cb6e23ba516570bbd158c32f7c7c99f19b24ca4437340ecb39253662afe4293
SHA256=6cb51ae871fbd5d07c5aad6ff8eea43d34063089528603ca9ceb8b4f52f68ddc
SHA256=6de84caa2ca18673e01b91af58220c60aecd5cccf269725ec3c7f226b2167492
SHA256=6e0aa67cfdbe27a059cbd066443337f81c5b6d37444d14792d1c765d9d122dcf
SHA256=6e944ae1bfe43a8a7cd2ea65e518a30172ce8f31223bdfd39701b2cb41d8a9e7
SHA256=6ed35f310c96920a271c59a097b382da07856e40179c2a4239f8daa04eef38e7
SHA256=6f1fc8287dd8d724972d7a165683f2b2ad6837e16f09fe292714e8e38ecd1e38
SHA256=6f1ff29e2e710f6d064dc74e8e011331d807c32cc2a622cbe507fd4b4d43f8f4
SHA256=6f55c148bb27c14408cf0f16f344abcd63539174ac855e510a42d78cfaec451c
SHA256=6fb5bc9c51f6872de116c7db8a2134461743908efc306373f6de59a0646c4f5d
SHA256=6ffdde6bc6784c13c601442e47157062941c47015891e7139c2aaba676ab59cc
SHA256=07b6d69bafcfd767f1b63a490a8843c3bb1f8e1bbea56176109b5743c8f7d357
SHA256=7a48f92a9c2d95a72e18055cac28c1e7e6cad5f47aa735cbea5c3b82813ccfaf
SHA256=7aaf2aa194b936e48bc90f01ee854768c8383c0be50cfb41b346666aec0cf853
SHA256=7b0f442ac0bb183906700097d65aed0b4b9d8678f9a01aca864854189fe368e7
SHA256=7c731c0ea7f28671ab7787800db69739ea5cd6be16ea21045b4580cf95cbf73b
SHA256=7cb497abc44aad09a38160d6a071db499e05ff5871802ccc45d565d242026ee7
SHA256=7cb594af6a3655daebc9fad9c8abf2417b00ba31dcd118707824e5316fc0cc21
SHA256=7cc9ba2df7b9ea6bb17ee342898edd7f54703b93b6ded6a819e83a7ee9f938b4
SHA256=7cfa5e10dff8a99a5d544b011f676bc383991274c693e21e3af40cf6982adb8c
SHA256=7d8937c18d6e11a0952e53970a0934cf0e65515637ac24d6ca52ccf4b93d385f
SHA256=7d43769b353d63093228a59eb19bba87ce6b552d7e1a99bf34a54eee641aa0ea
SHA256=7da6113183328d4fddf6937c0c85ef65ba69bfe133b1146193a25bcf6ae1f9dd
SHA256=7dfc2eb033d2e090540860b8853036f40736d02bd22099ff6cf665a90be659cd
SHA256=7e3b0b8d3e430074109d85729201d7c34bc5b918c0bcb9f64ce88c5e37e1a456
SHA256=7e81beae78e1ddbf6c150e15667e1f18783f9b0ab7fbe52c7ab63e754135948d
SHA256=7e0124fcc7c95fdc34408cf154cb41e654dade8b898c71ad587b2090b1da30d7
SHA256=7ec93f34eb323823eb199fbf8d06219086d517d0e8f4b9e348d7afd41ec9fd5d
SHA256=7f5dc63e5742096e4accaca39ae77a2a2142b438c10f97860dee4054b51d3b35
SHA256=7f190f6e5ab0edafd63391506c2360230af4c2d56c45fc8996a168a1fc12d457
SHA256=7f375639a0df7fe51e5518cf87c3f513c55bc117db47d28da8c615642eb18bfa
SHA256=08eb2d2aa25c5f0af4e72a7e0126735536f6c2c05e9c7437282171afe5e322c6
SHA256=8b92cdb91a2e2fab3881d54f5862e723826b759749f837a11c9e9d85d52095a2
SHA256=8bda0108de82ebeae82f43108046c5feb6f042e312fa0115475a9e32274fae59
SHA256=8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6
SHA256=8c748ae5dcc10614cc134064c99367d28f3131d1f1dda0c9c29e99279dc1bdd9
SHA256=8cb62c5d41148de416014f80bd1fd033fd4d2bd504cb05b90eeb6992a382d58f
SHA256=8cf0cbbdc43f9b977f0fb79e0a0dd0e1adabe08a67d0f40d727c717c747de775
SHA256=8cfd5b2102fbc77018c7fe6019ec15f07da497f6d73c32a31f4ba07e67ec85d9
SHA256=8d57e416ea4bb855b78a2ff3c80de1dfbb5dc5ee9bfbdddb23e46bd8619287e2
SHA256=8e5aef7c66c0e92dfc037ee29ade1c8484b8d7fadebdcf521d2763b1d8215126
SHA256=8e88cb80328c3dbaa2752591692e74a2fae7e146d7d8aabc9b9ac9a6fe561e6c
SHA256=8e6363a6393eb4234667c6f614b2072e33512866b3204f8395bbe01530d63f2f
SHA256=8ef0ad86500094e8fa3d9e7d53163aa6feef67c09575c169873c494ed66f057f
SHA256=8f68ca89910ebe9da3d02ec82d935de1814d79c44f36cd30ea02fa49ae488f00
SHA256=8f23313adb35782adb0ba97fefbfbb8bbc5fc40ae272e07f6d4629a5305a3fa2
SHA256=8fe9828bea83adc8b1429394db7a556a17f79846ad0bfb7f242084a5c96edf2a
SHA256=09b0e07af8b17db1d896b78da4dd3f55db76738ee1f4ced083a97d737334a184
SHA256=09bedbf7a41e0f8dabe4f41d331db58373ce15b2e9204540873a1884f38bdde1
SHA256=9a1d66036b0868bbb1b2823209fedea61a301d5dd245f8e7d390bd31e52d663e
SHA256=9a54ef5cfbe6db599322967ee2c84db7daabcb468be10a3ccfcaa0f64d9173c7
SHA256=9a91d6e83b8fdec536580f6617f10dfc64eedf14ead29a6a644eb154426622ba
SHA256=9a95a70f68144980f2d684e96c79bdc93ebca1587f46afae6962478631e85d0c
SHA256=9a523854fe84f15efc1635d7f5d3e71812c45d6a4d2c99c29fdc4b4d9c84954c
SHA256=9b1ac756e35f795dd91adbc841e78db23cb7165280f8d4a01df663128b66d194
SHA256=9b2f051ac901ab47d0012a1002cb8b2db28c14e9480c0dd55e1ac11c81ba9285
SHA256=9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4
SHA256=9c10e2ec4f9ef591415f9a784b93dc9c9cdafa7c69602c0dc860c5b62222e449
SHA256=9d5ebd0f4585ec20a5fe3c5276df13ece5a2645d3d6f70cedcda979bd1248fc2
SHA256=9d58f640c7295952b71bdcb456cae37213baccdcd3032c1e3aeb54e79081f395
SHA256=9dab4b6fddc8e1ec0a186aa8382b184a5d52cfcabaaf04ff9e3767021eb09cf4
SHA256=9ee33ffd80611a13779df6286c1e04d3c151f1e2f65e3d664a08997fcd098ef3
SHA256=9f4ce6ab5e8d44f355426d9a6ab79833709f39b300733b5b251a0766e895e0e5
SHA256=9f1229cd8dd9092c27a01f5d56e3c0d59c2bb9f0139abf042e56f343637fda33
SHA256=9f1025601d17945c3a47026814bdec353ee363966e62dba7fe2673da5ce50def
SHA256=9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374
SHA256=11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
SHA256=11d258e05b850dcc9ecfacccc9486e54bd928aaa3d5e9942696c323fdbd3481b
SHA256=12eda8b65ed8c1d80464a0c535ea099dffdb4981c134294cb0fa424efc85ee56
SHA256=14adbf0bc43414a7700e5403100cff7fc6ade50bebfab16a17acf2fdda5a9da8
SHA256=15c53eb3a0ea44bbd2901a45a6ebeae29bb123f9c1115c38dfb2cdbec0642229
SHA256=15fb486b6b8c2a2f1b067f48fba10c2f164638fe5e6cee618fb84463578ecac9
SHA256=16a2e578bc8683f17a175480fea4f53c838cfae965f1d4caa47eaf9e0b3415c1
SHA256=18deed37f60b6aa8634dda2565a0485452487d7bce88afb49301a7352db4e506
SHA256=18e1707b319c279c7e0204074088cc39286007a1cf6cb6e269d5067d8d0628c6
SHA256=19a212e6fc324f4cb9ee5eba60f5c1fc0191799a4432265cbeaa3307c76a7fc0
SHA256=19bf0d0f55d2ad33ef2d105520bde8fb4286f00e9d7a721e3c9587b9408a0775
SHA256=19d0fc91b70d7a719f7a28b4ad929f114bf1de94a4c7cba5ad821285a4485da0
SHA256=20f11a64bc4548f4edb47e3d3418da0f6d54a83158224b71662a6292bf45b5fb
SHA256=21ccdd306b5183c00ecfd0475b3152e7d94b921e858e59b68a03e925d1715f21
SHA256=22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c
SHA256=23ba19352b1e71a965260bf4d5120f0200709ee8657ed381043bec9a938a1ade
SHA256=025e7be9fcefd6a83f4471bba0c11f1c11bd5047047d26626da24ee9a419cdc4
SHA256=26c28746e947389856543837aa59a5b1f4697e5721a04d00aa28151a2659b097
SHA256=26e3bfef255efd052a84c3c43994c73222b14c95db9a4b1fc2e98f1a5cb26e43
SHA256=26f41e4268be59f5de07552b51fa52d18d88be94f8895eb4a16de0f3940cf712
SHA256=27cd05527feb020084a4a76579c125458571da8843cdfc3733211760a11da970
SHA256=29a90ae1dcee66335ece4287a06482716530509912be863c85a2a03a6450a5b6
SHA256=29e0062a017a93b2f2f5207a608a96df4d554c5de976bd0276c2590a03bd3e94
SHA256=30abc0cc700fdebc74e62d574addc08f6227f9c7177d9eaa8cbc37d5c017c9bb
SHA256=31d8fc6f5fb837d5eb29db828d13ba8ee11867d86a90b2c2483a578e1d0ec43a
SHA256=31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427
SHA256=31f4140c12ac31f5729a8de4dc051d3acd07783564604df831a2a6722c979192
SHA256=32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351
SHA256=32e1a8513eee746d17eb5402fb9d8ff9507fb6e1238e7ff06f7a5c50ff3df993
SHA256=34bee22c18ddbddbe115cf1ab55cabf0e482aba1eb2c343153577fb24b7226d3
SHA256=34e0364a4952d914f23f271d36e11161fb6bb7b64aea22ff965a967825a4a4bf
SHA256=36aafa127736c7226c50061ea065f71e14f64ec60321f705bc52686d24117e0d
SHA256=36b9e31240ab0341873c7092b63e2e0f2cab2962ebf9b25271c3a1216b7669eb
SHA256=36e3127f045ef1fa7426a3ff8c441092d3b66923d2b69826034e48306609e289
SHA256=37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9
SHA256=37dde6bd8a7a36111c3ac57e0ac20bbb93ce3374d0852bcacc9a2c8c8c30079e
SHA256=38b3eb8c86201d26353aab625cea672e60c2f66ce6f5e5eda673e8c3478bf305
SHA256=38bb9751a3a1f072d518afe6921a66ee6d5cf6d25bc50af49e1925f20d75d4d7
SHA256=38c18db050b0b2b07f657c03db1c9595febae0319c746c3eede677e21cd238b0
SHA256=38d87b51f4b69ba2dae1477684a1415f1a3b578eee5e1126673b1beaefee9a20
SHA256=38fa0c663c8689048726666f1c5e019feaa9da8278f1df6ff62da33961891d2a
SHA256=39cfde7d401efce4f550e0a9461f5fc4d71fa07235e1336e4f0b4882bd76550e
SHA256=42e170a7ab1d2c160d60abfc906872f9cfd0c2ee169ed76f6acb3f83b3eeefdb
SHA256=42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f
SHA256=43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89
SHA256=45abdbcd4c0916b7d9faaf1cd08543a3a5178871074628e0126a6eda890d26e0
SHA256=45ba688a4bded8a7e78a4f5b0dc21004e951ddceb014bb92f51a3301d2fbc56a
SHA256=45c3d607cb57a1714c1c604a25cbadf2779f4734855d0e43aa394073b6966b26
SHA256=45f42c5d874369d6be270ea27a5511efcca512aeac7977f83a51b7c4dee6b5ef
SHA256=47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84
SHA256=47f0cdaa2359a63ad1389ef4a635f1f6eee1f63bdf6ef177f114bdcdadc2e005
SHA256=47f08f7d30d824a8f4bb8a98916401a37c0fd8502db308aba91fe3112b892dcc
SHA256=49ed27460730b62403c1d2e4930573121ab0c86c442854bc0a62415ca445a810
SHA256=49f75746eebe14e5db11706b3e58accc62d4034d2f1c05c681ecef5d1ad933ba
SHA256=50d5eaa168c077ce5b7f15b3f2c43bd2b86b07b1e926c1b332f8cb13bd2e0793
SHA256=50db5480d0392a7dd6ab5df98389dc24d1ed1e9c98c9c35964b19dabcd6dc67f
SHA256=51e91dd108d974ae809e5fc23f6fbd16e13f672f86aa594dae4a5c4bc629b0b5
SHA256=53eaefba7e7dca9ab74e385abf18762f9f1aa51594e7f7db5ba612d6c787dd7e
SHA256=55a1535e173c998fbbc978009b02d36ca0c737340d84ac2a8da73dfc2f450ef9
SHA256=55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a
SHA256=56a3c9ac137d862a85b4004f043d46542a1b61c6acb438098a9640469e2d80e7
SHA256=57a389da784269bb2cc0a258500f6dfbf4f6269276e1192619ce439ec77f4572
SHA256=58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495
SHA256=58c071cfe72e9ee867bba85cbd0abe72eb223d27978d6f0650d0103553839b59
SHA256=59b09bd69923c0b3de3239e73205b1846a5f69043546d471b259887bb141d879
SHA256=60b163776e7b95e0c2280d04476304d0c943b484909131f340e3ce6045a49289
SHA256=60c6f4f34c7319cb3f9ca682e59d92711a05a2688badbae4891b1303cd384813
SHA256=61a1bdddd3c512e681818debb5bee94db701768fc25e674fcad46592a3259bd0
SHA256=61befeef14783eb0fed679fca179d2f5c33eb2dcbd40980669ca2ebeb3bf11cf
SHA256=61d6e40601fa368800980801a662a5b3b36e3c23296e8ae1c85726a56ef18cc8
SHA256=62f5e13b2edc00128716cb93e6a9eddffea67ce83d2bb426f18f5be08ead89e0
SHA256=64f9e664bc6d4b8f5f68616dd50ae819c3e60452efd5e589d6604b9356841b57
SHA256=65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9
SHA256=65db1b259e305a52042e07e111f4fa4af16542c8bacd33655f753ef642228890
SHA256=69e3fda487a5ec2ec0f67b7d79a5a836ff0036497b2d1aec514c67d2efa789b2
SHA256=71fe5af0f1564dc187eea8d59c0fbc897712afa07d18316d2080330ba17cf009
SHA256=71ff60722231c7641ad593756108cf6779dbaad21c7b08065fb1d4e225eab14d
SHA256=72b99147839bcfb062d29014ec09fe20a8f261748b5925b00171ef3cb849a4c1
SHA256=72c0d2d699d0440db17cb7cbbc06a253eaafd21465f14bb0fed8b85ae73153d1
SHA256=074ae477c8c7ae76c6f2b0bf77ac17935a8e8ee51b52155d2821d93ab30f3761
SHA256=74a846c61adc53692d3040aff4c1916f32987ad72b07fe226e9e7dbeff1036c4
SHA256=075de997497262a9d105afeadaaefc6348b25ce0e0126505c24aa9396c251e85
SHA256=76b86543ce05540048f954fed37bdda66360c4a3ddb8328213d5aef7a960c184
SHA256=76e807b6c0214e66455f09a8de8faad40b738982ca84470f0043de0290449524
SHA256=76fb4deaee57ef30e56c382c92abffe2cf616d08dbecb3368c8ee6b02e59f303
SHA256=077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356
SHA256=77c5e95b872b1d815d6d3ed28b399ca39f3427eeb0143f49982120ff732285a9
SHA256=79e2d37632c417138970b4feba91b7e10c2ea251c5efe3d1fc6fa0190f176b57
SHA256=79e87b93fbed84ec09261b3a0145c935f7dfe4d4805edfb563b2f971a0d51463
SHA256=80a59ca71fc20961ccafc0686051e86ae4afbbd4578cb26ad4570b9207651085
SHA256=80cbba9f404df3e642f22c476664d63d7c229d45d34f5cd0e19c65eb41becec3
SHA256=80eeb8c2890f3535ed14f5881baf2f2226e6763be099d09fb8aadaba5b4474c1
SHA256=81aafae4c4158d0b9a6431aff0410745a0f6a43fb20a9ab316ffeb8c2e2ccac0
SHA256=082c39fe2e3217004206535e271ebd45c11eb072efde4cc9885b25ba5c39f91d
SHA256=82fbcb371d53b8a76a25fbbafaae31147c0d1f6b9f26b3ea45262c2267386989
SHA256=83f7be0a13c1fccf024c31da5c68c0ea1decf4f48fc39d6e4fd324bbe789ae8a
SHA256=84bf1d0bcdf175cfe8aea2973e0373015793d43907410ae97e2071b2c4b8e2d4
SHA256=84df20b1d9d87e305c92e5ffae21b10b325609d59d835a954dbd8750ef5dabf4
SHA256=86a1b1bacc0c51332c9979e6aad84b5fba335df6b9a096ccb7681ab0779a8882
SHA256=86a8e0aa29a5b52c84921188cc1f0eca9a7904dcfe09544602933d8377720219
SHA256=88df37ede18bea511f1782c1a6c4915690b29591cf2c1bf5f52201fbbb4fa2b9
SHA256=88e2e6a705d3fb71b966d9fb46dc5a4b015548daf585fb54dfcd81dc0bd3ebdc
SHA256=89b0017bc30cc026e32b758c66a1af88bd54c6a78e11ec2908ff854e00ac46be
SHA256=89b9823ed974a5b71de8468324d45b7e9d6dc914f93615ba86c6209b25b3cbf7
SHA256=092d04284fdeb6762e65e6ac5b813920d6c69a5e99d110769c5c1a78e11c5ba0
SHA256=93b266f38c3c3eaab475d81597abbd7cc07943035068bb6fd670dbbe15de0131
SHA256=93d873cdf23d5edc622b74f9544cac7fe247d7a68e1e2a7bf2879fad97a3ae63
SHA256=94be67c319a67de75ebed050d5537cfaa795d72bba52f3d8cf349e7bd075410e
SHA256=95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3
SHA256=97b32ddf83f75637e3ba934df117081dd6a1c57d47a4c9700d35e736da11d5bd
SHA256=98a123b314cba2de65f899cdbfa386532f178333389e0f0fbd544aff85be02eb
SHA256=98b734dda78c16ebcaa4afeb31007926542b63b2f163b2f733fa0d00dbb344d8
SHA256=99f4994a0e5bd1bf6e3f637d3225c69ff4cd620557e23637533e7f18d7d6cba1
SHA256=119c48b79735fda0ecd973d77d9bdc6b329960caed09b38ab454236ca039d280
SHA256=131d5490ceb9a5b2324d8e927fea5becfc633015661de2f4c2f2375a3a3b64c6
SHA256=133e542842656197c5d22429bd56d57aa33c9522897fdf29853a6d321033c743
SHA256=146d77e80ca70ea5cb17bfc9a5cea92334f809cbdc87a51c2d10b8579a4b9c88
SHA256=159e7c5a12157af92e0d14a0d3ea116f91c09e21a9831486e6dc592c93c10980
SHA256=175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347
SHA256=221dfbc74bbb255b0879360ccc71a74b756b2e0f16e9386b38a9ce9d4e2e34f9
SHA256=263e8f1e20612849aea95272da85773f577fd962a7a6d525b53f43407aa7ad24
SHA256=0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5
SHA256=316a27e2bdb86222bc7c8af4e5472166b02aec7f3f526901ce939094e5861f6d
SHA256=358ac54be252673841a1d65bfc2fb6d549c1a4c877fa7f5e1bfa188f30375d69
SHA256=362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc
SHA256=399effe75d32bdab6fa0a6bffe02dbf0a59219d940b654837c3be1c0bd02e9aa
SHA256=436ccab6f62fa2d29827916e054ade7acae485b3de1d3e5c6c62d3debf1480e7
SHA256=453be8f63cc6b116e2049659e081d896491cf1a426e3d5f029f98146a3f44233
SHA256=455bc98ba32adab8b47d2d89bdbadca4910f91c182ab2fc3211ba07d3784537b
SHA256=0466dac557ee161503f5dfbd3549f81ec760c3d6c7c4363a21a03e7a3f66aca8
SHA256=475e5016c9c0f5a127896f9179a1b1577a67b357f399ab5a1e68aab07134729a
SHA256=478d855b648ef4501d3b08b3b10e94076ac67546b0ce86b454324f1bf9a78aa0
SHA256=496f4a4021226fb0f1b5f71a7634c84114c29faa308746a12c2414adb6b2a40b
SHA256=506f953bbb285aeb8af0549eb24f52f3b7af36afe740afa36735bac70573ce28
SHA256=523d1d43e896077f32cd9acaa8e85b513bfb7b013a625e56f0d4e9675d9822ba
SHA256=525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd
SHA256=552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9
SHA256=591bd5e92dfa0117b3daa29750e73e2db25baa717c31217539d30ffb1f7f3a52
SHA256=592f56b13e7dcaa285da64a0b9a48be7562bd9b0a190208b7c8b7d8de427cf6c
SHA256=600a2119657973112025db3c0eeab2e69d528bccfeed75f40c6ef50b059ec8a0
SHA256=607dc4c75ac7aef82ae0616a453866b3b358c6cf5c8f9d29e4d37f844306b97c
SHA256=626fae47811450d080d08c3d9fd890aa64bfecdc45eacd42a40850c1833c8763
SHA256=654c5ba47f74008c8f49cbb97988017eec8c898adc3bb851bc6e1fdf9dcf54ad
SHA256=673b63b67345773cd6d66f6adcf2c753e2d949232bff818d5bb6e05786538d92
SHA256=673bcec3d53fab5efd6e3bac25ac9d6cc51f6bbdf8336e38aade2713dc1ae11b
SHA256=677c0b1add3990fad51f492553d3533115c50a242a919437ccb145943011d2bf
SHA256=727e8ba66a8ff07bdc778eacb463b65f2d7167a6616ca2f259ea32571cacf8af
SHA256=771a8d05f1af6214e0ef0886662be500ee910ab99f0154227067fddcfe08a3dd
SHA256=818e396595d08d724666803cd29dac566dc7db23bf50e9919d04b33afa988c01
SHA256=823da894b2c73ffcd39e77366b6f1abf0ae9604d9b20140a54e6d55053aadeba
SHA256=845f1e228de249fc1ddf8dc28c39d03e8ad328a6277b6502d3932e83b879a65a
SHA256=862d0ff27bb086145a33b9261142838651b0d2e1403be321145e197600eb5015
SHA256=881bca6dc2dafe1ae18aeb59216af939a3ac37248c13ed42ad0e1048a3855461
SHA256=900dd68ccc72d73774a347b3290c4b6153ae496a81de722ebb043e2e99496f88
SHA256=904e0f7d485a98e8497d5ec6dd6e6e1cf0b8d8e067fb64a9e09790af3c8c9d5a
SHA256=909de5f21837ea2b13fdc4e5763589e6bdedb903f7c04e1d0b08776639774880
SHA256=910aa4685c735d8c07662aa04fafec463185699ad1a0cd1967b892fc33ec6c3c
SHA256=916c535957a3b8cbf3336b63b2260ea4055163a9e6b214f2a7005d6d36a4a677
SHA256=923ebbe8111e73d5b8ecc2db10f8ea2629a3264c3a535d01c3c118a3b4c91782
SHA256=927c2a580d51a598177fa54c65e9d2610f5f212f1b6cb2fbf2740b64368f010a
SHA256=950a4c0c772021cee26011a92194f0e58d61588f77f2873aa0599dff52a160c9
SHA256=955dac77a0148e9f9ed744f5d341cb9c9118261e52fe622ac6213965f2bc4cad
SHA256=984a77e5424c6d099051441005f2938ae92b31b5ad8f6521c6b001932862add7
SHA256=1023dcd4c80db19e9f82f95b1c5e1ddb60db7ac034848dd5cc1c78104a6350f4
SHA256=1078af0c70e03ac17c7b8aa5ee03593f5decfef2f536716646a4ded1e98c153c
SHA256=1273b74c3c1553eaa92e844fbd51f716356cc19cf77c2c780d4899ec7738fbd1
SHA256=1766fd66f846d9a21e648d649ad35d1ff94f8ca17a40a9a738444d6b8e07aacb
SHA256=1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52
SHA256=2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d
SHA256=2101d5e80e92c55ecfd8c24fcf2202a206a4fd70195a1378f88c4cc04d336f22
SHA256=2121a2bb8ebbf2e6e82c782b6f3c6b7904f686aa495def25cf1cf52a42e16109
SHA256=2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6
SHA256=2470fd1b733314c9b0afa19fd39c5d19aa1b36db598b5ebbe93445caa545da5f
SHA256=2594b3ef3675ca3a7b465b8ed4962e3251364bab13b12af00ebba7fa2211abb2
SHA256=3124b0411b8077605db2a9b7909d8240e0d554496600e2706e531c93c931e1b5
SHA256=3243aab18e273a9b9c4280a57aecef278e10bfff19abb260d7a7820e41739099
SHA256=3326e2d32bbabd69feb6024809afc56c7e39241ebe70a53728c77e80995422a5
SHA256=3384f4a892f7aa72c43280ff682d85c8e3936f37a68d978d307a9461149192de
SHA256=3503ea284b6819f9cb43b3e94c0bb1bf5945ccb37be6a898387e215197a4792a
SHA256=3724b39e97936bb20ada51c6119aded04530ed86f6b8d6b45fbfb2f3b9a4114b
SHA256=3871e16758a1778907667f78589359734f7f62f9dc953ec558946dcdbe6951e3
SHA256=3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838
SHA256=4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca
SHA256=4324f3d1e4007f6499a3d0f0102cd92ed9f554332bc0b633305cd7b957ff16c8
SHA256=4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b
SHA256=4744df6ac02ff0a3f9ad0bf47b15854bbebb73c936dd02f7c79293a2828406f6
SHA256=4880f40f2e557cff38100620b9aa1a3a753cb693af16cd3d95841583edcb57a8
SHA256=4941c4298f4560fc1e59d0f16f84bab5c060793700b82be2fd7c63735f1657a8
SHA256=5027fce41ed60906a0e76b97c95c2a5a83d57a2d1cd42de232a21f26c0d58e48
SHA256=5177a3b7393fb5855b2ec0a45d4c91660b958ee077e76e5a7d0669f2e04bcf02
SHA256=5192ec4501d0fe0b1c8f7bf9b778f7524a7a70a26bbbb66e5dab8480f6fdbb8b
SHA256=5351c81b4ec5a0d79c39d24bac7600d10eac30c13546fde43d23636b3f421e7c
SHA256=6071db01b50c658cf78665c24f1d21f21b4a12d16bfcfaa6813bf6bbc4d0a1e8
SHA256=6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc
SHA256=06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf
SHA256=7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb
SHA256=7133a461aeb03b4d69d43f3d26cd1a9e3ee01694e97a0645a3d8aa1a44c39129
SHA256=7236c8ff33c0e5cfa956778aa7303f1979f3bf709c361399fa1ce101b7e355b8
SHA256=7837cb350338c4958968d06b105466da6518f5bb522a6e70e87c0cad85128408
SHA256=7877c1b0e7429453b750218ca491c2825dae684ad9616642eff7b41715c70aca
SHA256=8137ce22d0d0fc5ea5b174d6ad3506a4949506477b1325da2ccb76511f4c4f60
SHA256=8399e5afd8e3e97139dffb1a9fb00db2186321b427f164403282217cab067c38
SHA256=8688e43d94b41eeca2ed458b8fc0d02f74696a918e375ecd3842d8627e7a8f2b
SHA256=8797d9afc7a6bb0933f100a8acbb5d0666ec691779d522ac66c66817155b1c0d
SHA256=09043c51719d4bf6405c9a7a292bb9bb3bcc782f639b708ddcc4eedb5e5c9ce9
SHA256=9254f012009d55f555418ff85f7d93b184ab7cb0e37aecdfdab62cfe94dea96b
SHA256=9529efb1837b1005e5e8f477773752078e0a46500c748bc30c9b5084d04082e6
SHA256=9790a7b9d624b2b18768bb655dda4a05a9929633cef0b1521e79e40d7de0a05b
SHA256=17687cba00ec2c9036dd3cb5430aa1f4851e64990dafb4c8f06d88de5283d6ca
SHA256=17927b93b2d6ab4271c158f039cae2d60591d6a14458f5a5690aec86f5d54229
SHA256=18712a063574bfec315d58577dfe413ab45b650e54747d1e18a56c3c7337a12c
SHA256=19696fb0db3fcae22f705ae1eb1e9f1151c823f3ff5d8857e90f2a4a6fdc5758
SHA256=26453afb1f808f64bec87a2532a9361b696c0ed501d6b973a1f1b5ae152a4d40
SHA256=28999af32b55ddb7dcfc26376a244aa2fe297233ce7abe4919a1aef2f7e2cee7
SHA256=30706f110725199e338e9cc1c940d9a644d19a14f0eb8847712cba4cacda67ab
SHA256=37073e42ffa0322500f90cd7e3c8d02c4cdd695d31c77e81560abec20bfb68ba
SHA256=40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1
SHA256=42579a759f3f95f20a2c51d5ac2047a2662a2675b3fb9f46c1ed7f23393a0f00
SHA256=42851a01469ba97cdc38939b10cf9ea13237aa1f6c37b1ac84904c5a12a81fa0
SHA256=49329fa09f584d1960b09c1b15df18c0bc1c4fdb90bf48b6b5703e872040b668
SHA256=54841d9f89e195196e65aa881834804fe3678f1cf6b328cab8703edd15e3ec57
SHA256=59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347
SHA256=65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd
SHA256=67734c7c0130dd66c964f76965f09a2290da4b14c94412c0056046e700654bdc
SHA256=70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4
SHA256=72288d4978ee87ea6c8b1566dbd906107357087cef7364fb3dd1e1896d00baeb
SHA256=72322fa8bba20df6966acbcf41e83747893fd173cd29de99b5ad1a5d3bf8f2de
SHA256=76614f2e372f33100a8d92bf372cdbc1e183930ca747eed0b0cf2501293b990a
SHA256=76660e91f1ff3cb89630df5af4fe09de6098d09baa66b1a130c89c3c5edd5b22
SHA256=77950e2a40ac0447ae7ee1ee3ef1242ce22796a157074e6f04e345b1956e143c
SHA256=78827fa00ea48d96ac9af8d1c1e317d02ce11793e7f7f6e4c7aac7b5d7dd490f
SHA256=81939e5c12bd627ff268e9887d6fb57e95e6049f28921f3437898757e7f21469
SHA256=85866e8c25d82c1ec91d7a8076c7d073cccf421cf57d9c83d80d63943a4edd94
SHA256=86721ee8161096348ed3dbe1ccbf933ae004c315b1691745a8af4a0df9fed675
SHA256=89108a15f009b285db4ef94250b889d5b11b96b4aa7b190784a6d1396e893e10
SHA256=092349aebdac28294dbad1656759d8461f362d1a36b01054dccf861d97beadf0
SHA256=94911fe6f2aba9683b10353094caf71ee4a882de63b4620797629d79f18feec5
SHA256=101402d4f5d1ae413ded499c78a5fcbbc7e3bae9b000d64c1dd64e3c48c37558
SHA256=238046cfe126a1f8ab96d8b62f6aa5ec97bab830e2bae5b1b6ab2d31894c79e4
SHA256=258359a7fa3d975620c9810dab3a6493972876a024135feaf3ac8482179b2e79
SHA256=314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073
SHA256=385485e643aa611e97ceae6590c6a8c47155886123dbb9de1e704d0d1624d039
SHA256=405472a8f9400a54bb29d03b436ccd58cfd6442fe686f6d2ed4f63f002854659
SHA256=440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c
SHA256=509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6
SHA256=543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91
SHA256=000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b
SHA256=708016fbe22c813a251098f8f992b177b476bd1bbc48c2ed4a122ff74910a965
SHA256=771015b2620942919bb2e0683476635b7a09db55216d6fbf03534cb18513b20c
SHA256=810513b3f4c8d29afb46f71816350088caacf46f1be361af55b26f3fee4662c3
SHA256=841335eeb6af68dce5b8b24151776281a751b95056a894991b23afae80e9f33b
SHA256=0909005d625866ef8ccd8ae8af5745a469f4f70561b644d6e38b80bccb53eb06
SHA256=952199c28332bc90cfd74530a77ee237967ed32b3c71322559c59f7a42187dc4
SHA256=2732050a7d836ae0bdc5c0aea4cdf8ce205618c3e7f613b8139c176e86476d0c
SHA256=3279593db91bb7ad5b489a01808c645eafafda6cc9c39f50d10ccc30203f2ddf
SHA256=3390919bb28d5c36cc348f9ef23be5fa49bfd81263eb7740826e4437cbe904cd
SHA256=4422851a0a102f654e95d3b79c357ae3af1b096d7d1576663c027cfbc04abaf9
SHA256=7196187fb1ef8d108b380d37b2af8efdeb3ca1f6eefd37b5dc114c609147216d
SHA256=7539157df91923d4575f7f57c8eb8b0fd87f064c919c1db85e73eebb2910b60c
SHA256=7893307df2fdde25371645a924f0333e1b2de31b6bc839d8e2a908d7830c6504
SHA256=8939116df1d6c8fd0ebd14b2d37b3dec38a8820aa666ecd487bc1bb794f2a587
SHA256=9778136d2441439dc470861d15d96fa21dc9f16225232cd05b76791a5e0fde6f
SHA256=16768203a471a19ebb541c942f45716e9f432985abbfbe6b4b7d61a798cea354
SHA256=18776682fcc0c6863147143759a8d4050a4115a8ede0136e49a7cf885c8a4805
SHA256=22418016e980e0a4a2d01ca210a17059916a4208352c1018b0079ccb19aaf86a
SHA256=36505921af5a09175395ebaea29c72b2a69a3a9204384a767a5be8a721f31b10
SHA256=36875562e747136313ec5db58174e5fab870997a054ca8d3987d181599c7db6a
SHA256=0040153302b88bee27eb4f1eca6855039e1a057370f5e8c615724fa5215bada3
SHA256=55963284bbd5a3297f39f12f0d8a01ed99fe59d008561e3537bcd4db4b4268fa
SHA256=65008817eb97635826a8708a6411d7b50f762bab81304e457119d669382944c3
SHA256=65025741ecd0ef516da01319b42c2d96e13cb8d78de53fb7e39cd53ea6d58c75
SHA256=91314768da140999e682d2a290d48b78bb25a35525ea12c1b1f9634d14602b2c
SHA256=478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82
SHA256=696679114f6a106ec94c21e2a33fe17af86368bcf9a796aaea37ea6e8748ad6a
SHA256=910479467ef17b9591d8d42305e7f6f247ad41c60ec890a1ffbe331f495ed135
SHA256=8111085022bda87e5f6aa4c195e743cc6dd6a3a6d41add475d267dc6b105a69f
SHA256=9679758455c69877fce866267d60c39d108b495dca183954e4af869902965b3d
SHA256=46621554728bc55438c7c241137af401250f062edef6e7efecf1a6f0f6d0c1f7
SHA256=48891874441c6fa69e5518d98c53d83b723573e280c6c65ccfbde9039a6458c9
SHA256=6948480954137987a0be626c24cf594390960242cd75f094cd6aaa5c2e7a54fa
SHA256=a2f45d95d54f4e110b577e621fefa0483fa0e3dcca14c500c298fb9209e491c1
SHA256=a3e507e713f11901017fc328186ae98e23de7cea5594687480229f77d45848d8
SHA256=a5a50449e2cc4d0dbc80496f757935ae38bf8a1bebdd6555a3495d8c219df2ad
SHA256=a7b000abbcc344444a9b00cfade7aa22ab92ce0cadec196c30eb1851ae4fa062
SHA256=a7c2e7910942dd5e43e2f4eb159bcd2b4e71366e34a68109548b9fb12ac0f7cc
SHA256=a7c8f4faf3cbb088cac7753d81f8ec4c38ccb97cd9da817741f49272e8d01200
SHA256=a56c2a2425eb3a4260cc7fc5c8d7bed7a3b4cd2af256185f24471c668853aee8
SHA256=a59c40e7470b7003e8adfee37c77606663e78d7e3f2ebb8d60910af19924d8df
SHA256=a334bdf0c0ab07803380eb6ef83eefe7c147d6962595dd9c943a6a76f2200b0d
SHA256=a566af57d88f37fa033e64b1d8abbd3ffdacaba260475fbbc8dab846a824eff5
SHA256=a899b659b08fbae30b182443be8ffb6a6471c1d0497b52293061754886a937a3
SHA256=a903f329b70f0078197cb7683aae1bb432eaf58572fe572f7cb4bc2080042d7e
SHA256=a961f5939088238d76757669a9a81905e33f247c9c635b908daac146ae063499
SHA256=a4680fabf606d6580893434e81c130ff7ec9467a15e6534692443465f264d3c9
SHA256=a7860e110f7a292d621006b7208a634504fb5be417fd71e219060381b9a891e6
SHA256=a8027daa6facf1ff81405daf6763249e9acf232a1a191b6bf106711630e6188e
SHA256=a9706e320179993dade519a83061477ace195daa1b788662825484813001f526
SHA256=a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433
SHA256=a2353030d4ea3ad9e874a0f7ff35bbfa10562c98c949d88cabab27102bbb8e48
SHA256=a072197177aad26c31960694e38e2cae85afbab070929e67e331b99d3a418cf4
SHA256=aa9ab1195dc866270e984f1bed5e1358d6ef24c515dfdb6c2a92d1e1b94bf608
SHA256=aaa3459bcac25423f78ed72dbae4d7ef19e7c5c65770cbe5210b14e33cd1816c
SHA256=aafb95a443911e4c67d4e45ffa83cca103c91b42915b81100534dc439bec0c1b
SHA256=ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89
SHA256=ab2632a4d93a7f3b7598c06a9fdc773a1b1b69a7dd926bdb7cf578992628e9dd
SHA256=ab0925398f3fa69a67eacee2bbb7b34ac395bb309df7fc7a9a9b8103ef41ed7a
SHA256=ac3f613d457fc4d44fa27b2e0b1baa62c09415705efb5a40a4756da39b3ac165
SHA256=ac63c26ca43701dddaa7fb1aea535d42190f88752900a03040fd5aaa24991e25
SHA256=ad8ffccfde782bc287241152cf24245a8bf21c2530d81c57e17631b3c4adb833
SHA256=ad23d77a38655acb71216824e363df8ac41a48a1a0080f35a0d23aa14b54460b
SHA256=ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173
SHA256=ad2477632b9b07588cfe0e692f244c05fa4202975c1fe91dd3b90fa911ac6058
SHA256=ada4e42bf5ef58ef1aad94435441003b1cc1fcaa5d38bfdbe1a3d736dc451d47
SHA256=adc10de960f40fa9f6e28449748250fa9ddfd331115b77a79809a50c606753ee
SHA256=ae6fb53e4d8122dba3a65e5fa59185b36c3ac9df46e82fcfb6731ab55c6395aa
SHA256=ae42afa9be9aa6f6a5ae09fa9c05cd2dfb7861dc72d4fd8e0130e5843756c471
SHA256=ae79e760c739d6214c1e314728a78a6cb6060cce206fde2440a69735d639a0a2
SHA256=aebcbfca180e372a048b682a4859fd520c98b5b63f6e3a627c626cb35adc0399
SHA256=af095de15a16255ca1b2c27dad365dff9ac32d2a75e8e288f5a1307680781685
SHA256=af1011c76a22af7be97a0b3e0ce11aca0509820c59fa7c8eeaaa1b2c0225f75a
SHA256=afdd66562dea51001c3a9de300f91fc3eb965d6848dfce92ccb9b75853e02508
SHA256=b1d96233235a62dbb21b8dbe2d1ae333199669f67664b107bff1ad49b41d9414
SHA256=b2ba6efeff1860614b150916a77c9278f19d51e459e67a069ccd15f985cbc0e1
SHA256=b03f26009de2e8eabfcf6152f49b02a55c5e5d0f73e01d48f5a745f93ce93a29
SHA256=b4d47ea790920a4531e3df5a4b4b0721b7fea6b49a35679f0652f1e590422602
SHA256=b6fd51e1f57a03006953e84fd56cc2821cc19e7c77c0474e1110aabaacaf03df
SHA256=b7a20b5f15e1871b392782c46ebcc897929443d82073ee4dcb3874b6a5976b5d
SHA256=b8b94c2646b62f6ac08f16514b6efaa9866aa3c581e4c0435a7aeafe569b2418
SHA256=b9a4e40a5d80fedd1037eaed958f9f9efed41eb01ada73d51b5dcd86e27e0cbf
SHA256=b9b3878ddc5dfb237d38f8d25067267870afd67d12a330397a8853209c4d889c
SHA256=b019ebd77ac19cdd72bba3318032752649bd56a7576723a8ae1cccd70ee1e61a
SHA256=b37b3c6877b70289c0f43aeb71349f7344b06063996e6347c3c18d8c5de77f3b
SHA256=b47be212352d407d0ef7458a7161c66b47c2aec8391dd101df11e65728337a6a
SHA256=b48a309ee0960da3caaaaf1e794e8c409993aeb3a2b64809f36b97aac8a1e62a
SHA256=b50ffc60eaa4fb7429fdbb67c0aba0c7085f5129564d0a113fec231c5f8ff62e
SHA256=b51ddcf8309c80384986dda9b11bf7856b030e3e885b0856efdb9e84064917e5
SHA256=b95b2d9b29bd25659f1c7ba5a187f8d23cde01162d9b5b1a2c4aea8f64b38441
SHA256=b179e1ab6dc0b1aee783adbcad4ad6bb75a8a64cb798f30c0dd2ee8aaf43e6de
SHA256=b1334a71cc73b3d0c54f62d8011bec330dfc355a239bf94a121f6e4c86a30a2e
SHA256=b1867d13a4cab66a76f4d4448824ca0cb3a176064626f9618c0c103ee3cb4f47
SHA256=b17507a3246020fa0052a172485d7b3567e0161747927f2edf27c40e310852e0
SHA256=b61869b7945be062630f1dd4bae919aecee8927f7e1bc3954a21ff763f4c0867
SHA256=b583414fcee280128788f7b39451c511376fe821f455d4f3702795e96d560704
SHA256=b773511fdb2e370dec042530910a905472fcc2558eb108b246fd3200171b04d3
SHA256=bac709c49ddee363c8e59e515f2f632324a0359e932b7d8cb1ce2d52a95981aa
SHA256=bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc
SHA256=bb50818a07b0eb1bd317467139b7eb4bad6cd89053fecdabfeae111689825955
SHA256=bb68552936a6b0a68fb53ce864a6387d2698332aac10a7adfdd5a48b97027ce3
SHA256=bc7ebd191e0991fd0865a5c956a92e63792a0bb2ff888af43f7a63bb65a22248
SHA256=bc13adeb6bf62b1e10ef41205ef92382e6c18d6a20669d288a0b11058e533d63
SHA256=bced04bdefad6a08c763265d6993f07aa2feb57d33ed057f162a947cf0e6668f
SHA256=bcfc2c9883e6c1b8429be44cc4db988a9eecb544988fbd756d18cfca6201876f
SHA256=bda99629ec6c522c3efcbcc9ca33688d31903146f05b37d0d3b43db81bfb3961
SHA256=bdbceca41e576841cad2f2b38ee6dbf92fd77fbbfdfe6ecf99f0623d44ef182c
SHA256=bdcacee3695583a0ca38b9a786b9f7334bf2a9a3387e4069c8e6ca378b2791d0
SHA256=be03e9541f56ac6ed1e81407dcd7cc85c0ffc538c3c2c2c8a9c747edbcf13100
SHA256=be8dd2d39a527649e34dc77ef8bc07193a4234b38597b8f51e519dadc5479ec2
SHA256=be54f7279e69fb7651f98e91d24069dbc7c4c67e65850e486622ccbdc44d9a57
SHA256=c1c4310e5d467d24e864177bdbfc57cb5d29aac697481bfa9c11ddbeebfd4cc8
SHA256=c2a4ddcc9c3b339d752c48925d62fc4cc5adbf6fae8fedef74cdd47e88da01f8
SHA256=c2fcc0fec64d5647813b84b9049d430406c4c6a7b9f8b725da21bcae2ff12247
SHA256=c3e150eb7e7292f70299d3054ed429156a4c32b1f7466a706a2b99249022979e
SHA256=c8eaa5e6d3230b93c126d2d58e32409e4aeeb23ccf0dd047a17f1ef552f92fe9
SHA256=c9b49b52b493b53cd49c12c3fa9553e57c5394555b64e32d1208f5b96a5b8c6e
SHA256=c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8
SHA256=c26b51b4c37330800cff8519252e110116c3aaade94ceb9894ec5bfb1b8f9924
SHA256=c50f8ab8538c557963252b702c1bd3cee4604b5fc2497705d2a6a3fd87e3cc26
SHA256=c60fcff9c8e5243bbb22ec94618b9dcb02c59bb49b90c04d7d6ab3ebbd58dc3a
SHA256=c64d4ac416363c7a1aa828929544d1c1d78cf032b39769943b851cfc4c0faafc
SHA256=c089a31ac95d41ed02d1e4574962f53376b36a9e60ff87769d221dc7d1a3ecfa
SHA256=c344e92a6d06155a217a9af7b4b35e6653665eec6569292e7b2e70f3a3027646
SHA256=c470c9db58840149ce002f3e6003382ecf740884a683bae8f9d10831be218fa2
SHA256=c628cda1ef43defc00af45b79949675a8422490d32b080b3a8bb9434242bdbf2
SHA256=c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5
SHA256=c8940e2e9b069ec94f9f711150b313b437f8429f78d522810601b6ee8b52bada
SHA256=c9014b03866bf37faa8fdb16b6af7cfec976aaef179fd5797d0c0bf8079d3a8c
SHA256=c299063e3eae8ddc15839767e83b9808fd43418dc5a1af7e4f44b97ba53fbd3d
SHA256=c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c
SHA256=c082514317bf80a2f5129d84a5a55e411a95e32d03a4df1274537704c80e41dd
SHA256=caa85c44eb511377ea7426ff10df00a701c07ffb384eef8287636a4bca0b53ab
SHA256=cb57f3a7fe9e1f8e63332c563b0a319b26c944be839eabc03e9a3277756ba612
SHA256=cb9890d4e303a4c03095d7bc176c42dee1b47d8aa58e2f442ec1514c8f9e3cec
SHA256=cbb8239a765bf5b2c1b6a5c8832d2cab8fef5deacadfb65d8ed43ef56d291ab6
SHA256=cc383ad11e9d06047a1558ed343f389492da3ac2b84b71462aee502a2fa616c8
SHA256=cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64
SHA256=cc586254e9e89e88334adee44e332166119307e79c2f18f6c2ab90ce8ba7fc9b
SHA256=cd4a249c3ef65af285d0f8f30a8a96e83688486aab515836318a2559757a89bb
SHA256=cdd2a4575a46bada4837a6153a79c14d60ee3129830717ef09e0e3efd9d00812
SHA256=cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc
SHA256=ce23c2dae4cca4771ea50ec737093dfafac06c64db0f924a1ccbbf687e33f5a2
SHA256=cf3a7d4285d65bf8688215407bce1b51d7c6b22497f09021f0fce31cbeb78986
SHA256=cf4b5fa853ce809f1924df3a3ae3c4e191878c4ea5248d8785dc7e51807a512b
SHA256=cf3180f5308af002ac5d6fd5b75d1340878c375f0aebc3157e3bcad6322b7190
SHA256=cf69704755ec2643dfd245ae1d4e15d77f306aeb1a576ffa159453de1a7345cb
SHA256=cfb7af8ac67a379e7869289aeee21837c448ea6f8ab6c93988e7aa423653bd40
SHA256=cfc5c585dd4e592dd1a08887ded28b92d9a5820587b6f4f8fa4f56d60289259b
SHA256=cfcf32f5662791f1f22a77acb6dddfbc970fe6e99506969b3ea67c03f67687ab
SHA256=cff9aa9046bdfd781d34f607d901a431a51bb7e5f48f4f681cc743b2cdedc98c
SHA256=d0bd1ae72aeb5f3eabf1531a635f990e5eaae7fdd560342f915f723766c80889
SHA256=d0e25b879d830e4f867b09d6540a664b6f88bad353cd14494c33b31a8091f605
SHA256=d1f4949f76d8ac9f2fa844d16b1b45fb1375d149d46e414e4a4c9424dc66c91f
SHA256=d5c4ff35eaa74ccdb80c7197d3d113c9cd38561070f2aa69c0affe8ed84a77c9
SHA256=d7bc7306cb489fe4c285bbeddc6d1a09e814ef55cf30bd5b8daf87a52396f102
SHA256=d7ddf874304556f8a10942a29b3d387cb5155a7419f87813557fe728cb14806d
SHA256=d7e091e0d478c34232e8479b950c5513077b3a69309885cee4c61063e5f74ac0
SHA256=d8b58f6a89a7618558e37afc360cd772b6731e3ba367f8d58734ecee2244a530
SHA256=d92eab70bcece4432258c9c9a914483a2267f6ab5ce2630048d3a99e8cb1b482
SHA256=d636c011b8b2896572f5de260eb997182cc6955449b044a739bd19cbe6fdabd2
SHA256=d783ace822f8fe4e25d5387e5dd249cb72e62f62079023216dc436f1853a150f
SHA256=d884ca8cc4ef1826ca3ab03eb3c2d8f356ba25f2d20db0a7d9fc251c565be7f3
SHA256=d5562fb90b0b3deb633ab335bcbd82ce10953466a428b3f27cb5b226b453eaf3
SHA256=d5586dc1e61796a9ae5e5d1ced397874753056c3df2eb963a8916287e1929a71
SHA256=d6827cd3a8f273a66ecc33bb915df6c7dea5cc1b8134b0c348303ef50db33476
SHA256=d8459f7d707c635e2c04d6d6d47b63f73ba3f6629702c7a6e0df0462f6478ae2
SHA256=d25904fbf907e19f366d54962ff543d9f53b8fdfd2416c8b9796b6a8dd430e26
SHA256=d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e
SHA256=d969845ef6acc8e5d3421a7ce7e244f419989710871313b04148f9b322751e5d
SHA256=d74755311d127d0eb7454e56babc2db8dbaa814bc4ba8e2a7754d3e0224778e1
SHA256=da6ca1fb539f825ca0f012ed6976baf57ef9c70143b7a1e88b4650bf7a925e24
SHA256=da11e9598eef033722b97873d1c046270dd039d0e3ee6cd37911e2dc2eb2608d
SHA256=db2a9247177e8cdd50fe9433d066b86ffd2a84301aa6b2eb60f361cfff077004
SHA256=db90e554ad249c2bd888282ecf7d8da4d1538dd364129a3327b54f8242dd5653
SHA256=dbb457ae1bd07a945a1466ce4a206c625e590aee3922fa7d86fbe956beccfc98
SHA256=dbc604b4e01362a3e51357af4a87686834fe913852a4e0a8c0d4c1a0f7d076ed
SHA256=dbe9f17313e1164f06401234b875fbc7f71d41dc7271de643865af1358841fef
SHA256=dcb815eb8e9016608d0d917101b6af8c84b96fb709dc0344bceed02cbc4ed258
SHA256=dd4a1253d47de14ef83f1bc8b40816a86ccf90d1e624c5adf9203ae9d51d4097
SHA256=dd573f23d656818036fc9ae1064eda31aca86acb9bc44a6e127db3ea112a9094
SHA256=dde6f28b3f7f2abbee59d4864435108791631e9cb4cdfb1f178e5aa9859956d8
SHA256=de6bf572d39e2611773e7a01f0388f84fb25da6cba2f1f8b9b36ffba467de6fa
SHA256=de8f8006d8ee429b5f333503defa54b25447f4ed6aeade5e4219e23f3473ef1c
SHA256=de3597ae7196ca8c0750dce296a8a4f58893774f764455a125464766fcc9b3b5
SHA256=dec8a933dba04463ed9bb7d53338ff87f2c23cfb79e0e988449fc631252c9dcc
SHA256=ded2927f9a4e64eefd09d0caba78e94f309e3a6292841ae81d5528cab109f95d
SHA256=deecbcd260849178de421d8e2f177dce5c63cf67a48abb23a0e3cf3aa3e00578
SHA256=df0cc4e5c9802f8edaefeb130e375cad56b2c5490d8ebd77d8dbdcc6fdc7ecb6
SHA256=df0dcfb3971829af79629efd036b8e1c6e2127481b3644ccc6e2ddd387489a15
SHA256=dfaefd06b680f9ea837e7815fc1cc7d1f4cc375641ac850667ab20739f46ad22
SHA256=e0b5a5f8333fc1213791af5c5814d7a99615b3951361ca75f8aa5022c9cfbc2b
SHA256=e2d8dd5dacc24051709f55a35184f5f99aef957a83bd358b0608b4479e1ec24f
SHA256=e2e79f1e696f27fa70d72f97e448081b1fa14d59cbb89bb4a40428534dd5c6f6
SHA256=e3b257357be41a18319332df7023c4407e2b93ac4c9e0c6754032e29f3763eac
SHA256=e3eff841ea0f2786e5e0fed2744c0829719ad711fc9258eeaf81ed65a52a8918
SHA256=e3f2ee22dec15061919583e4beb8abb3b29b283e2bcb46badf2bfde65f5ea8dd
SHA256=e4a7da2cf59a4a21fc42b611df1d59cae75051925a7ddf42bf216cc1a026eadb
SHA256=e4c154a0073bbad3c9f8ab7218e9b3be252ae705c20c568861dae4088f17ffcc
SHA256=e4d9f037411284e996a002b15b49bc227d085ee869ae1cd91ba54ff7c244f036
SHA256=e4eca7db365929ff7c5c785e2eab04ef8ec67ea9edcf7392f2b74eccd9449148
SHA256=e005e8d183e853a27ad3bb56f25489f369c11b0d47e3d4095aad9291b3343bf1
SHA256=e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53
SHA256=e5b0772be02e2bc807804874cf669e97aa36f5aff1f12fa0a631a3c7b4dd0dc8
SHA256=e7cbfb16261de1c7f009431d374d90e9eb049ba78246e38bc4c8b9e06f324b6f
SHA256=e16dc51c51b2df88c474feb52ce884d152b3511094306a289623de69dedfdf48
SHA256=e32ab30d01dcff6418544d93f99ae812d2ce6396e809686620547bea05074f6f
SHA256=e50b25d94c1771937b2f632e10eea875ac6b19c57da703d52e23ad2b6299f0ae
SHA256=e58bbf3251906ff722aa63415bf169618e78be85cb92c8263d3715c260491e90
SHA256=e61a54f6d3869b43c4eceac3016df73df67cce03878c5a6167166601c5d3f028
SHA256=e68d453d333854787f8470c8baef3e0d082f26df5aa19c0493898bcf3401e39a
SHA256=e86cb77de7b6a8025f9a546f6c45d135f471e664963cf70b381bee2dfd0fdef4
SHA256=e428ddf9afc9b2d11e2271f0a67a2d6638b860c2c12d4b8cc63d33f3349ee93f
SHA256=e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf
SHA256=e3936d3356573ce2e472495cd3ce769f49a613e453b010433dafce5ea498ddc2
SHA256=e4522e2cfa0b1f5d258a3cf85b87681d6969e0572f668024c465d635c236b5d9
SHA256=e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf
SHA256=e83908eba2501a00ef9e74e7d1c8b4ff1279f1cd6051707fd51824f87e4378fa
SHA256=e07211224b02aaf68a5e4b73fc1049376623793509d9581cdaee9e601020af06
SHA256=e6056443537d4d2314dabca1b9168f1eaaf17a14eb41f6f5741b6b82b3119790
SHA256=e81230217988f3e7ec6f89a06d231ec66039bdba340fd8ebb2bbb586506e3293
SHA256=ea0b9eecf4ad5ec8c14aec13de7d661e7615018b1a3c65464bf5eca9bbf6ded3
SHA256=ea85bbe63d6f66f7efee7007e770af820d57f914c7f179c5fee3ef2845f19c41
SHA256=ebe2e9ec6d5d94c2d58fbcc9d78c5f0ee7a2f2c1aed6d1b309f383186d11dfa3
SHA256=ec5fac0b6bb267a2bd10fc80c8cca6718439d56e82e053d3ff799ce5f3475db5
SHA256=ecd07df7ad6fee9269a9e9429eb199bf3e24cf672aa1d013b7e8d90d75324566
SHA256=ece0a900ea089e730741499614c0917432246ceb5e11599ee3a1bb679e24fd2c
SHA256=ecfc52a22e4a41bf53865b0e28309411c60af34a44e31a5c53cdc8c5733e8282
SHA256=ed2f33452ec32830ffef2d5dc832985db9600c306ed890c47f3f33ccbb335c39
SHA256=ee3ff12943ced401e2b6df9e66e8a0be8e449fa9326cab241f471b2d8ffefdd7
SHA256=ee45fd2d7315fd039f3585a66e7855ba4af9d4721e1448e602623de14e932bbe
SHA256=eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b
SHA256=ef6d3c00f9d0aa31a218094480299ef73fc85146adf62fd0c2f4f88972c5c850
SHA256=ef86c4e5ee1dbc4f81cd864e8cd2f4a2a85ee4475b9a9ab698a4ae1cc71fbeb0
SHA256=f1c8ca232789c2f11a511c8cd95a9f3830dd719cad5aa22cb7c3539ab8cb4dc3
SHA256=f4ff679066269392f6b7c3ba6257fc60dd609e4f9c491b00e1a16e4c405b0b9b
SHA256=f05b1ee9e2f6ab704b8919d5071becbce6f9d0f9d0ba32a460c41d5272134abe
SHA256=f6cd7353cb6e86e98d387473ed6340f9b44241867508e209e944f548b9db1d5f
SHA256=f15ae970e222ce06dbf3752b223270d0e726fb78ebec3598b4f8225b5a0880b1
SHA256=f37d609ea1f06660d970415dd3916c4c153bb5940bf7d2beb47fa34e8a8ffbfc
SHA256=f51bdb0ad924178131c21e39a8ccd191e46b5512b0f2e1cc8486f63e84e5d960
SHA256=f74ffd6916333662900cbecb90aca2d6475a714ce410adf9c5c3264abbe5732c
SHA256=f84f8173242b95f9f3c4fea99b5555b33f9ce37ca8188b643871d261cb081496
SHA256=f85cca4badff17d1aa90752153ccec77a68ad282b69e3985fdc4743eaea85004
SHA256=f85eb576acb5db0d2f48e5f09a7244165a876fa1ca8697ebb773e4d7071d4439
SHA256=f088b2ba27dacd5c28f8ee428f1350dca4bc7c6606309c287c801b2e1da1a53d
SHA256=f88ebb633406a086d9cca6bc8b66a4ea940c5476529f9033a9e0463512a23a57
SHA256=f581decc2888ef27ee1ea85ea23bbb5fb2fe6a554266ff5a1476acd1d29d53af
SHA256=f596e64f4c5d7c37a00493728d8756b243cfdc11e3372d6d6dfeffc13c9ab960
SHA256=f0605dda1def240dc7e14efa73927d6c6d89988c01ea8647b671667b2b167008
SHA256=f744abb99c97d98e4cd08072a897107829d6d8481aee96c22443f626d00f4145
SHA256=f929bead59e9424ab90427b379dcdd63fbfe0c4fb5e1792e3a1685541cd5ec65
SHA256=f8430bdc6fd01f42217d66d87a3ef6f66cb2700ebb39c4f25c8b851858cc4b35
SHA256=f8886a9c759e0426e08d55e410b02c5b05af3c287b15970175e4874316ffaf13
SHA256=f8965fdce668692c3785afa3559159f9a18287bc0d53abb21902895a8ecf221b
SHA256=f29073dc99cb52fa890aae80037b48a172138f112474a1aecddae21179c93478
SHA256=f85784fa8e7a7ec86cb3fe76435802f6bb82256e1824ed7b5d61bf075f054573
SHA256=f877296e8506e6a1acbdacdc5085b18c6842320a2775a329d286bac796f08d54
SHA256=f9895458e73d4b0ef01eda347fb695bb00e6598d9f5e2506161b70ad96bb7298
SHA256=f40435488389b4fb3b945ca21a8325a51e1b5f80f045ab019748d0ec66056a8b
SHA256=fa875178ae2d7604d027510b0d0a7e2d9d675e10a4c9dda2d927ee891e0bcb91
SHA256=fafa1bb36f0ac34b762a10e9f327dcab2152a6d0b16a19697362d49a31e7f566
SHA256=fb6b0d304433bf88cc7d57728683dbb4b9833459dc33528918ead09b3907ff22
SHA256=fb81b5f8bf69637dbdf050181499088a67d24577587bc520de94b5ee8996240f
SHA256=fc22977ff721b3d718b71c42440ee2d8a144f3fbc7755e4331ddd5bcc65158d2
SHA256=fca10cde7d331b7f614118682d834d46125a65888e97bd9fda2df3f15797166c
SHA256=fcdfe570e6dc6e768ef75138033d9961f78045adca53beb6fdb520f6417e0df1
SHA256=fd33fb2735cc5ef466a54807d3436622407287e325276fcd3ed1290c98bd0533
SHA256=fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c
SHA256=fd8669794c67b396c12fc5f08e9c004fdf851a82faf302846878173e4fbecb03
SHA256=fda93c6e41212e86af07f57ca95db841161f00b08dae6304a51b467056e56280
SHA256=ff115cefe624b6ca0b3878a86f6f8b352d1915b65fbbdc33ae15530a96ebdaa7
SHA256=ff6729518a380bf57f1bc6f1ec0aa7f3012e1618b8d9b0f31a61d299ee2b4339
SHA256=ff9623317287358440ec67da9ba79994d9b17b99ffdd709ec836478fe1fc22a5
SHA256=ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f
SHA256=56066ed07bad3b5c1474e8fae5ee2543d17d7977369b34450bd0775517e3b25c
SHA256=06a0ec9a316eb89cb041b1907918e3ad3b03842ec65f004f6fa74d57955573a4
SHA256=86047bb1969d1db455493955fd450d18c62a3f36294d0a6c3732c88dfbcc4f62
SHA256=06c5ebd0371342d18bc81a96f5e5ce28de64101e3c2fd0161d0b54d8368d2f1f
SHA256=8dafe5f3d0527b66f6857559e3c81872699003e0f2ffda9202a1b5e29db2002e
SHA256=81c7bb39100d358f8286da5e9aa838606c98dfcc263e9a82ed91cd438cb130d1
SHA256=6661320f779337b95bbbe1943ee64afb2101c92f92f3d1571c1bf4201c38c724
SHA256=ea50f22daade04d3ca06dedb497b905215cba31aae7b4cab4b533fda0c5be620
SHA256=0440ef40c46fdd2b5d86e7feef8577a8591de862cfd7928cdbcc8f47b8fa3ffc
SHA256=c0d88db11d0f529754d290ed5f4c34b4dba8c4f2e5c4148866daabeab0d25f9c
SHA256=e1cb86386757b947b39086cc8639da988f6e8018ca9995dd669bdc03c8d39d7d
SHA256=18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7
SHA256=139f8412a7c6fdc43dcfbbcdba256ee55654eb36a40f338249d5162a1f69b988
SHA256=b0eb4d999e4e0e7c2e33ff081e847c87b49940eb24a9e0794c6aa9516832c427
SHA256=1485c0ed3e875cbdfc6786a5bd26d18ea9d31727deb8df290a1c00c780419a4e
SHA256=6b5cf41512255237064e9274ca8f8a3fef820c45aa6067c9c6a0e6f5751a0421
SHA256=0d10c4b2f56364b475b60bd2933273c8b1ed2176353e59e65f968c61e93b7d99
SHA256=ad938d15ecfd70083c474e1642a88b078c3cea02cdbddf66d4fb1c01b9b29d9a
SHA256=89698cad598a56f9e45efffd15d1841e494a2409cc12279150a03842cd6bb7f3
SHA256=5f6fec8f7890d032461b127332759c88a1b7360aa10c6bd38482572f59d2ba8b
SHA256=fa9abb3e7e06f857be191a1e049dd37642ec41fb2520c105df2227fcac3de5d5
SHA256=05b146a48a69dd62a02759487e769bd30d39f16374bc76c86453b4ae59e7ffa4
SHA256=6994b32e3f3357f4a1d0abe81e8b62dd54e36b17816f2f1a80018584200a1b77
SHA256=6908ebf52eb19c6719a0b508d1e2128f198d10441551cbfb9f4031d382f5229f
SHA256=32882949ea084434a376451ff8364243a50485a3b4af2f2240bb5f20c164543d
SHA256=fd223833abffa9cd6cc1848d77599673643585925a7ee51259d67c44d361cce8
SHA256=6839fcae985774427c65fe38e773aa96ec451a412caa5354ad9e2b9b54ffe6c1
SHA256=f9f2091fccb289bcf6a945f6b38676ec71dedb32f3674262928ccaf840ca131a
SHA256=7a7e8df7173387aec593e4fe2b45520ea3156c5f810d2bb1b2784efd1c922376
SHA256=96bf3ee7c6673b69c6aa173bb44e21fa636b1c2c73f4356a7599c121284a51cc
SHA256=b9dad0131c51e2645e761b74a71ebad2bf175645fa9f42a4ab0e6921b83306e3
SHA256=e6a7b0bc01a627a7d0ffb07faddb3a4dd96b6f5208ac26107bdaeb3ab1ec8217
SHA256=200f98655d1f46d2599c2c8605ebb7e335fee3883a32135ca1a81e09819bc64a
SHA256=8d9a2363b757d3f127b9c6ed8f7b8b018e652369bc070aa3500b3a978feaa6ce
SHA256=c8f9e1ad7b8cce62fba349a00bc168c849d42cfb2ca5b2c6cc4b51d054e0c497
SHA256=23e89fd30a1c7db37f3ea81b779ce9acf8a4294397cbb54cff350d54afcfd931
SHA256=575e58b62afab094c20c296604dc3b7dd2e1a50f5978d8ee24b7dca028e97316
SHA256=5b932eab6c67f62f097a3249477ac46d80ddccdc52654f8674060b4ddf638e5d
SHA256=e6f764c3b5580cd1675cbf184938ad5a201a8c096607857869bd7c3399df0d12
SHA256=9bb09752cf3a464455422909edef518ac18fe63cf5e1e8d9d6c2e68db62e0c87
SHA256=f8236fc01d4efaa48f032e301be2ebba4036b2cd945982a29046eca03944d2ae
SHA256=e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e
SHA256=9b1b15a3aacb0e786a608726c3abfc94968915cedcbd239ddf903c4a54bfcf0c
SHA256=f936ec4c8164cbd31add659b61c16cb3a717eac90e74d89c47afb96b60120280
SHA256=9c2f3e9811f7d0c7463eaa1ee6f39c23f902f3797b80891590b43bbe0fdf0e51
SHA256=b8807e365be2813b7eccd2e4c49afb0d1e131086715638b7a6307cd7d7e9556c
SHA256=50819a1add4c81c0d53203592d6803f022443440935ff8260ff3b6d5253c0c76
SHA256=52d5c35325ce701516f8b04380c9fbdb78ec6bcc13b444f758fdb03d545b0677
SHA256=7f4555a940ce1156c9bcea9a2a0b801f9a5e44ec9400b61b14a7b1a6404ffdf6
SHA256=8e035beb02a411f8a9e92d4cf184ad34f52bbd0a81a50c222cdd4706e4e45104
SHA256=8578bff36e3b02cc71495b647db88c67c3c5ca710b5a2bd539148550595d0330
SHA256=4734a0a5d88f44a4939b8d812364cab6ca5f611b9b8ceebe27df6c1ed3a6d8a4
SHA256=88076e98d45ed3adf0c5355411fe8ca793eb7cec1a1c61f5e1ec337eae267463
SHA256=749b0e8c8c8b7dda8c2063c708047cfe95afa0a4d86886b31a12f3018396e67c
SHA256=49c827cf48efb122a9d6fd87b426482b7496ccd4a2dbca31ebbf6b2b80c98530
SHA256=d7c81b0f3c14844f6424e8bdd31a128e773cb96cccef6d05cbff473f0ccb9f9c
SHA256=f6c316e2385f2694d47e936b0ac4bc9b55e279d530dd5e805f0d963cb47c3c0d
SHA256=5c1585b1a1c956c7755429544f3596515dfdf928373620c51b0606a520c6245a
SHA256=5bc3994612624da168750455b363f2964e1861dba4f1c305df01b970ac02a7ae
SHA256=bb2422e96ea993007f25c71d55b2eddfa1e940c89e895abb50dd07d7c17ca1df
SHA256=42b22faa489b5de936db33f12184f6233198bdf851a18264d31210207827ba25
SHA256=f461414a2596555cece5cfee65a3c22648db0082ca211f6238af8230e41b3212
SHA256=770f33259d6fb10f4a32d8a57d0d12953e8455c72bb7b60cb39ce505c507013a
C:\Users
Appdata
smartgit
C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe
C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\wsp.exe
Msp.Ecosystem.Discovery.exe
C:\ProgramData\Microsoft\Windows Defender\Platform
MsMpEng.exe