md5,sha256,IMPHASH
net group /dom
quser
7z
\BrightmetricAgent.exe
\ScanLine.exe
vm3dservice.exe
FRP
\Impacket.exe
\Mimikatz.exe
\PsExec.exe
\cmd.exe
dnscat
powershell
java
BloodHound.exe
ngrok.exe
Get-TimeZone
Wevtutil
"C:\Windows\system32\wermgr.exe" "-queuereporting_svc"
C:\Windows\system32\DllHost.exe /Processid
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\system32\wermgr.exe -upload
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\wermgr.exe -queuereporting
\??\C:\Windows\system32\autochk.exe *
\SystemRoot\System32\smss.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
C:\Windows\System32\TokenBrokerCookies.exe
C:\Windows\System32\plasrv.exe
C:\Windows\System32\wifitask.exe
C:\Windows\system32\CompatTelRunner.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\SppExtComObj.Exe
C:\Windows\system32\audiodg.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\mobsync.exe
C:\Windows\system32\musNotification.exe
C:\Windows\system32\musNotificationUx.exe
C:\Windows\system32\powercfg.exe
C:\Windows\system32\sndVol.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\WmiApSrv.exe
AppContainer
%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows
C:\windows\system32\wermgr.exe -queuereporting
C:\WINDOWS\system32\devicecensus.exe UserCxt
C:\Windows\System32\usocoreworker.exe -Embedding
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k appmodel -s StateRepository
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\Windows\system32\svchost.exe -k appmodel
C:\Windows\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\Windows\system32\svchost.exe -k camera -s FrameServer
C:\Windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\Windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\svchost.exe -k devicesflow -s DevicesFlowUserSvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k localService -s EventSystem
C:\Windows\system32\svchost.exe -k localService -s bthserv
C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
C:\Windows\system32\svchost.exe -k localService -s nsi
C:\Windows\system32\svchost.exe -k localService -s w32Time
C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s Dhcp
C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s EventLog
C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s TimeBrokerSvc
C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s WFDSConMgrSvc
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -s BTAGService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation -s SensrSvc
C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation -p -s SSDPSRV
C:\Windows\system32\svchost.exe -k localServiceNoNetwork
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -p -s WPDBusEnum
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s DeviceAssociationService
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s NcbService
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s SensorService
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s TabletInputService
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s UmRdpService
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation -s SCardSvr
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
C:\Windows\System32\svchost.exe -k netsvcs -p -s SessionEnv
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s WdiSystemHost
C:\Windows\System32\svchost.exe -k localSystemNetworkRestricted -p -s WdiSystemHost
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Windows\system32\svchost.exe -k netsvcs -p -s ncaSvc
C:\Windows\system32\svchost.exe -k netsvcs -s BDESVC
C:\Windows\System32\svchost.exe -k netsvcs -p -s BDESVC
C:\Windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\system32\svchost.exe -k netsvcs -s BITS
C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
C:\Windows\system32\svchost.exe -k netsvcs -s Gpsvc
C:\Windows\system32\svchost.exe -k netsvcs -s ProfSvc
C:\Windows\system32\svchost.exe -k netsvcs -s SENS
C:\Windows\system32\svchost.exe -k netsvcs -s SessionEnv
C:\Windows\system32\svchost.exe -k netsvcs -s Themes
C:\Windows\system32\svchost.exe -k netsvcs -s Winmgmt
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k networkService -p -s DoSvc
C:\Windows\system32\svchost.exe -k networkService -s Dnscache
C:\Windows\system32\svchost.exe -k networkService -s LanmanWorkstation
C:\Windows\system32\svchost.exe -k networkService -s NlaSvc
C:\Windows\system32\svchost.exe -k networkService -s TermService
C:\Windows\system32\svchost.exe -k networkService
C:\Windows\system32\svchost.exe -k networkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k rPCSS
C:\Windows\system32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k unistackSvcGroup
C:\Windows\system32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k wbioSvcGroup
C:\Windows\system32\svchost.exe -k werSvcGroup
C:\Windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc
C:\Windows\system32\svchost.exe -k wsappx -s ClipSVC
C:\Windows\system32\svchost.exe -k wsappx
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted
C:\Windows\system32\deviceenroller.exe /c /AutoEnrollMDM
"C:\Program Files (x86)\Microsoft\Edge Dev\Application\msedge.exe" --type=
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\Ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
C:\Program Files\Microsoft Office\Office16\MSOSYNC.EXE
C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office16\msoia.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=
C:\Users
.exe
\Device\HarddiskVolumeShadowCopy
OneDrive.exe
C:\Windows\system32\backgroundTaskHost.exe
setup
install
Update\
redist.exe
msiexec.exe
TrustedInstaller.exe
\NVIDIA\NvBackend\ApplicationOntology\
netsh
ngrok.exe
tunnel.ngrok.io
amazonaws.com
C:\Users
C:\Recycle
C:\ProgramData
C:\Windows\Temp
\
C:\perflogs
C:\intel
C:\Windows\fonts
C:\Windows\system32\config
at.exe
certutil.exe
cmd.exe
cmstp.exe
cscript.exe
driverquery.exe
dsquery.exe
hh.exe
infDefaultInstall.exe
java.exe
javaw.exe
javaws.exe
mmc.exe
msbuild.exe
mshta.exe
msiexec.exe
nbtstat.exe
net.exe
net1.exe
notepad.exe
nslookup.exe
powershell.exe
qprocess.exe
qwinsta.exe
qwinsta.exe
reg.exe
regsvcs.exe
regsvr32.exe
rundll32.exe
rwinsta.exe
sc.exe
schtasks.exe
taskkill.exe
tasklist.exe
wmic.exe
wscript.exe
nc.exe
ncat.exe
psexec.exe
psexesvc.exe
tor.exe
vnc.exe
vncservice.exe
vncviewer.exe
winexesvc.exe
nmap.exe
psinfo.exe
22
23
25
143
3389
5800
5900
4444
1080
3128
8080
1723
9001
9030
C:\ProgramData\Microsoft\Windows Defender\Platform\
AppData\Local\Microsoft\Teams\current\Teams.exe
.microsoft.com
microsoft.com.akadns.net
microsoft.com.nsatc.net
127.0.0.1
fe80:0:0:0
C:\Users
\
microsoft
windows
Intel
ScanLine
VersaMem
Impacket.exe
PsExec.exe
ngrok.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\audiodg.exe
C:\Windows\system32\kernel32.dll
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
\BrightmetricAgent.exe
\lsass.exe
PsExec.exe
C:\Windows\system32\lsass.exe
0x1FFFFF
C:\Windows\system32\lsass.exe
0x1F1FFF
C:\Windows\system32\lsass.exe
0x1010
C:\Windows\system32\lsass.exe
0x143A
C:\Windows\system32\csrss.exe
0x1F1FFF
C:\Windows\system32\wininit.exe
0x1F1FFF
C:\Windows\system32\winlogon.exe
0x1F1FFF
C:\Windows\system32\services.exe
0x1F1FFF
0x0810
0x0800
0x800
0x0820
0x820
C:\Windows\Temp\ntds.dit
systeminfo.dat
*.log
Mimikatz.exe
*.7z
KeePass.db
webshell.aspx
webshell.aspx
rclone.conf
\Start Menu
\Startup\
\Content.Outlook\
\Downloads\
.application
.appref-ms
.bat
.chm
.cmd
.cmdline
.crx
.dmp
.docm
.dll
.exe
.exe.log
.jar
.jnlp
.jse
.hta
.job
.pptm
.ps1
.sys
.scr
.vbe
.vbs
.xlsm
proj
.sln
C:\Users\Default
C:\Windows\system32\Drivers
C:\Windows\SysWOW64\Drivers
C:\Windows\system32\GroupPolicy\Machine\Scripts
C:\Windows\system32\GroupPolicy\User\Scripts
C:\Windows\system32\Wbem
C:\Windows\SysWOW64\Wbem
C:\Windows\system32\WindowsPowerShell
C:\Windows\SysWOW64\WindowsPowerShell
C:\Windows\Tasks\
C:\Windows\system32\Tasks
C:\Windows\SysWOW64\Tasks
\Device\HarddiskVolumeShadowCopy
C:\Windows\AppPatch\Custom
VirtualStore
.xls
.ppt
.rtf
C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
C:\Windows\system32\smss.exe
C:\Windows\system32\CompatTelRunner.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\mobsync.exe
C:\Windows\system32\DriverStore\Temp\
C:\Windows\system32\wbem\Performance\
C:\Windows\Installer\
C:\$WINDOWS.~BT\Sources\
C:\Windows\winsxs\amd64_microsoft-windows
\ntuser.dat
\UserClass.dat
\PortProxy
Reg.exe
CurrentVersion\Run
Policies\Explorer\Run
Group Policy\Scripts
Windows\System\Scripts
CurrentVersion\Windows\Load
CurrentVersion\Windows\Run
CurrentVersion\Winlogon\Shell
CurrentVersion\Winlogon\System
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
UserInitMprLogonScript
user shell folders\startup
\ServiceDll
\ServiceManifest
\ImagePath
\Start
Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
Control\Terminal Server\fSingleSessionPerUser
fDenyTSConnections
LastLoggedOnUser
RDP-tcp\PortNumber
Services\PortProxy\v4tov4
\command\
\ddeexec\
{86C86720-42A0-1069-A2E8-08002B30309D}
exefile
\InprocServer32\(Default)
\Hidden
\ShowSuperHidden
\HideFileExt
Classes\*\
Classes\AllFilesystemObjects\
Classes\Directory\
Classes\Drive\
Classes\Folder\
Classes\PROTOCOLS\
ContextMenuHandlers\
CurrentVersion\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellIconOverlayIdentifiers
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\InitialProgram
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\
HKLM\SYSTEM\CurrentControlSet\Services\WinSock
\ProxyServer
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
HKLM\Software\Microsoft\Netsh
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\
HKLM\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
\EnableFirewall
\DoNotAllowExceptions
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls\
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls\
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\
Microsoft\Office\Outlook\Addins\
Office Test\
Security\Trusted Documents\TrustRecords
Internet Explorer\Toolbar\
Internet Explorer\Extensions\
Browser Helper Objects\
\DisableSecuritySettingsCheck
\3\1206
\3\2500
\3\1809
HKLM\Software\Classes\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\
HKLM\Software\Classes\WOW6432Node\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}\
HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\
HKLM\Software\Classes\WOW6432Node\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\
\UrlUpdateInfo
\InstallSource
\EulaAccepted
\DisableAntiSpyware
\DisableAntiVirus
\SpynetReporting
DisableRealtimeMonitoring
\SubmitSamplesConsent
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy
HKLM\Software\Microsoft\Security Center\
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAHealth
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
VirtualStore
HKLM\Software\Microsoft\Windows\CurrentVersion\WINEVT\
HKLM\SYSTEM\CurrentControlSet\Control\Safeboot\
HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\
\FriendlyName
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress\(Default)
HKLM\Software\Microsoft\Tracing\RASAPI32
\LowerCaseLongPath
\Publisher
\BinProductVersion
\DriverVersion
\DriverVerVersion
\LinkDate
Compatibility Assistant\Store\
\
\{CAFEEFAC-
CreateKey
HKLM\COMPONENTS
HKLM\Software\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache
Toolbar\WebBrowser
Browser\ITBar7Height
Browser\ITBar7Layout
Internet Explorer\Toolbar\Locked
Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93}
}\PreviousPolicyAreas
\Control\WMI\Autologger\
HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc\Start
\Lsa\OfflineJoin\CurrentValue
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\
_Classes\AppX
HKLM\Software\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LsaPid
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains
\Services\BITS\Start
\services\clr_optimization_v2.0.50727_32\Start
\services\clr_optimization_v2.0.50727_64\Start
\services\clr_optimization_v4.0.30319_32\Start
\services\clr_optimization_v4.0.30319_64\Start
\services\deviceAssociationService\Start
\services\fhsvc\Start
\services\nal\Start
\services\trustedInstaller\Start
\services\tunnel\Start
\services\usoSvc\Start
\UserChoice\ProgId
\UserChoice\Hash
\OpenWithList\MRUList
Shell Extentions\Cached
HKLM\System\CurrentControlSet\Control\Lsa\Audit\SpecialGroups
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\PSScriptOrder
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\SOM-ID
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\GPO-ID
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\0\IsPowershell
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\0\ExecTime
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0\PSScriptOrder
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0\SOM-ID
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0\GPO-ID
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0\0\IsPowershell
SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\0\0\ExecTime
\safer\codeidentifiers\0\HASHES\{
VirtualStore\MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\
HKLM\SOFTWARE\Microsoft\Office\ClickToRun\
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
HKCR\VLC.
HKCR\iTunes.
HKLM\Software\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{945a8954-c147-4acd-923f-40c45405a658}
Downloads
Temp\7z
Startup
.bat
.cmd
.doc
.hta
.lnk
.ppt
.ps1
.ps2
.reg
.jse
.vb
.vbe
.vbs
\\\\.\\pipe\\
PsExec
Get-EventLog
Wevtutil
Win32_Process
example.com
amazonaws.com
.arpa.
.arpa
.msftncsi.com
..localmachine
localhost
-pushp.svc.ms
.b-msedge.net
.bing.com
.hotmail.com
.live.com
.live.net
.s-microsoft.com
.microsoft.com
.microsoftonline.com
.microsoftstore.com
.ms-acdc.office.com
.msedge.net
.msn.com
.msocdn.com
.skype.com
.skype.net
.windows.com
.windows.net.nsatc.net
.windowsupdate.com
.xboxlive.com
login.windows.net
C:\ProgramData\Microsoft\Windows Defender\Platform\
.activedirectory.windowsazure.com
.aria.microsoft.com
.msauth.net
.msftauth.net
.opinsights.azure.com
osi.office.net
loki.delve.office.com
management.azure.com
messaging.office.com
outlook.office365.com
portal.azure.com
protection.outlook.com
substrate.office.com
.mozaws.net
.mozilla.com
.mozilla.net
.mozilla.org
.spotify.com
.spotify.map.fastly.net
clients1.google.com
clients2.google.com
clients3.google.com
clients4.google.com
clients5.google.com
clients6.google.com
safebrowsing.googleapis.com
.akadns.net
.netflix.com
aspnetcdn.com
ajax.googleapis.com
cdnjs.cloudflare.com
fonts.googleapis.com
.typekit.net
cdnjs.cloudflare.com
.stackassets.com
.steamcontent.com
.disqus.com
.fontawesome.com
disqus.com
.1rx.io
.2mdn.net
.adadvisor.net
.adap.tv
.addthis.com
.adform.net
.adnxs.com
.adroll.com
.adrta.com
.adsafeprotected.com
.adsrvr.org
.advertising.com
.amazon-adsystem.com
.amazon-adsystem.com
.analytics.yahoo.com
.aol.com
.betrad.com
.bidswitch.net
.casalemedia.com
.chartbeat.net
.cnn.com
.convertro.com
.criteo.com
.criteo.net
.crwdcntrl.net
.demdex.net
.domdex.com
.dotomi.com
.doubleclick.net
.doubleverify.com
.emxdgt.com
.exelator.com
.google-analytics.com
.googleadservices.com
.googlesyndication.com
.googletagmanager.com
.googlevideo.com
.gstatic.com
.gvt1.com
.gvt2.com
.ib-ibi.com
.jivox.com
.mathtag.com
.moatads.com
.moatpixel.com
.mookie1.com
.myvisualiq.net
.netmng.com
.nexac.com
.openx.net
.optimizely.com
.outbrain.com
.pardot.com
.phx.gbl
.pinterest.com
.pubmatic.com
.quantcount.com
.quantserve.com
.revsci.net
.rfihub.net
.rlcdn.com
.rubiconproject.com
.scdn.co
.scorecardresearch.com
.serving-sys.com
.sharethrough.com
.simpli.fi
.sitescout.com
.smartadserver.com
.snapads.com
.spotxchange.com
.taboola.com
.taboola.map.fastly.net
.tapad.com
.tidaltv.com
.trafficmanager.net
.tremorhub.com
.tribalfusion.com
.turn.com
.twimg.com
.tynt.com
.w55c.net
.ytimg.com
.zorosrv.com
1rx.io
adservice.google.com
ampcid.google.com
clientservices.googleapis.com
googleadapis.l.google.com
imasdk.googleapis.com
l.google.com
ml314.com
mtalk.google.com
update.googleapis.com
www.googletagservices.com
.pscp.tv
.digicert.com
.globalsign.com
.globalsign.net
msocsp.com
ocsp.msocsp.com
pki.goog
ocsp.godaddy.com
amazontrust.com
ocsp.sectigo.com
pki-goog.l.google.com
.usertrust.com
ocsp.comodoca.com
ocsp.verisign.com
ocsp.entrust.net
ocsp.identrust.com
status.rapidssl.com
status.thawte.com
ocsp.int-x3.letsencrypt.org
*.log
rclone.conf
SaintBot
gdi32.dll
Tasklist