diff --git a/TTPs/win_ioc.py b/TTPs/win_ioc.py
deleted file mode 100644
index fceeacf..0000000
--- a/TTPs/win_ioc.py
+++ /dev/null
@@ -1,200 +0,0 @@
-from Modules.Imports.ttp_imports import *
-
-def win_ioc_submenu():
- build_submenu("Windows Indicators of Compromise (IOCs)", module=globals())
-
-def basics():
- title = "Basics"
- content = """
-- Look for file extensions
-- Initial access and lateral movement are the loudest
-- Understand how PID and PPID relate
-- Look for 1-2 character .exe (e.g., a.exe, ab.exe)
-- C2 exploits are native in 32-bit
-- Files should not have read, write, and execute simultaneously
- - Should be RW- ro --X
-- Know where attackers store files
-- C:\\windows\\system32: Exe files are not usually stored here
-"""
- print_info(title, content)
-
-def common_malware_names():
- title = "Common Malware Names"
- content = """
-- svchost.exe
-- iexplore.exe
-- explorer.exe
-- lsass.exe
-- win.exe
-- winlogon.exe
-"""
- print_info(title, content)
-
-def common_malware_locations():
- title = "Common Malware Locations"
- content = """
-- \\Temp
-- C:\\Users\\*\\Downloads
-- \\AppData
- - C:\\Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\Recent
-- \\$Recycle.Bin
-- \\ProgramData
-- \\Windows
-- \\Windows\\System32
-- \\WinSxS
-- \\System Volume Information
-- \\Program Files
-- \\Program Files (x86)
-- [Added Directories by APTs]
-"""
- print_info(title, content)
-
-def interesting_search_terms():
- title = "Interesting Search Terms"
- content = """
-### Scripts
-- `.ps1`, `.vbs`, `.py`, `.bat`
-
-### Windows Binaries
-- `.exe`, `.msi`, `.dll`
-
-### Archives
-- `.rar`, `.zip`, `.cab`, `.7z`, `.Eo1`, `.iso`, `.ova`, `.ovf`, `.vmdk`, `.vdk`
-
-Other:
-- `.eval`
-- `.xls`
-- `.doc`
-- ActiveXObject
-- CommandLineTemplate
-- ScriptText
-"""
- print_info(title, content)
-
-def locations_of_persistence():
- title = "Locations of Persistence"
- content = """
-- C:\\windows\\system32 (Exe files are not usually stored here)
-"""
- print_info(title, content)
-
-def types_of_persistence():
- title = "Types of Persistence"
- content = """
-- Impacket Exec
-- Services
-- WMI
-- Autostart
-- DLL Hijacking
-- Drivers
-- Map Share
-- Persistence Mechanisms
-- Powershell Remoting
-- PsExec
-- Remote Desktop
-- Run Keys
-- Scheduled Tasks
-- Registry
-"""
- print_info(title, content)
-
-def advanced_persistence():
- title = "Advanced Persistence"
- content = """
-- Bios Flashing
-- Drivers
-- Local Group Policy
-- MS Office Add-In
-"""
- print_info(title, content)
-
-def event_ids_to_watch():
- title = "Event IDs to Watch"
- content = """
-- 4698 A scheduled task was created
-- 4720 A user account was created
-- 4768 A Kerberos authentication ticket (TGT) was requested
-- 4769 A Kerberos service ticket was requested
-- 5140 A network share object was accessed
-- 7045 A new service was installed in the system
-- 4648 A logon was attempted using explicit credentials
-- 4656 A handle to an object was requested
-- 4658 The handle to an object was closed
-- 4660 An object was deleted
-- 4663 An attempt was made to access an object
-- 4672 Special privileges assigned to new logon
-- 4673 A privileged service was called
-- 4688 A new process has been created
-- 4946 A change has been made to Windows Firewall exception list. A rule was added
-- 5142 A network share object was added
-- 5144 A network share object was deleted
-- 5145 A network share object was checked to see whether the client can be granted desired access
-- 5154 The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections
-- 5156 The Windows Filtering Platform has allowed a connection
-- 5447 A Windows Filtering Platform filter has been changed
-- 8222 Shadow copy has been created
-- 7036 Service changed
-- 7040 Service startup type changed
-- 7045 PSExec
-"""
- print_info(title, content)
-
-def common_false_positives():
- title = "Common False Positives"
- content = """
-- SCM Event Log Consumer
-- BVTFilter
-- TSLogonEvents.vbs
-- TSLogonFilter
-- RAevent.vbs
-- RMAssistEventFilter
-- KernCap.vbs
-- NTEventLogConsumer
-- WSCEAA.exe (Dell)
-"""
- print_info(title, content)
-
-def windows_directories():
- title = "Windows Directories"
- content = """
-- C:\\Windows\\System32\\drivers\\etc\\hosts (DNS file)
-- C:\\Windows\\System32\\drivers\\etc\\networks (Network config file)
-- C:\\Windows\\System32\\config\\SAM (Usernames and passwords)
-- C:\\Windows\\System32\\SECURITY (Security logs)
-- C:\\Windows\\System32\\SOFTWARE (Software logs)
-- C:\\Windows\\System32\\SYSTEM (System logs)
-- C:\\Windows\\System32\\winevt\\ (Windows event logs)
-- C:\\Windows\\repair\\SAM (Backup of usernames and passwords)
-"""
- print_info(title, content)
-
-def analysis_resources():
- title = "Analysis Resources"
- content = """
-- Check Filehash
-- Analysis Threat Intel
-- Analysis IP
-- Analysis Malware
-
-### Useful Links
-- https://www.youtube.com/watch?v=NdwTeSi70SU
-- https://youtu.be/7dEfKn70HCI?si=MP-u-n4FMHVgtmWf
-- https://www.criticalstart.com/windows-security-event-logs-what-to-monitor/
-"""
- print_info(title, content)
-
-def all_windows_iocs():
- """
- Displays all Windows IOC content sequentially.
- """
- basics()
- common_malware_names()
- common_malware_locations()
- interesting_search_terms()
- locations_of_persistence()
- types_of_persistence()
- advanced_persistence()
- event_ids_to_watch()
- common_false_positives()
- windows_directories()
- analysis_resources()
\ No newline at end of file