EvtxECmd[.]zip

EvtxECmd.zip

.zip

EvtxECmd/EvtxECmd.exe

.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

8c:1b:e2:96:cd:b3:c2:32:2a:39:12:78:6d:54:c4:61
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03/03/2023, 00:00

Not After

02/03/2026, 23:59

Subject

CN=Eric R. Zimmerman,O=Eric R. Zimmerman,ST=Indiana,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

8c:1b:e2:96:cd:b3:c2:32:2a:39:12:78:6d:54:c4:61
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03/03/2023, 00:00

Not After

02/03/2026, 23:59

Subject

CN=Eric R. Zimmerman,O=Eric R. Zimmerman,ST=Indiana,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

66:f3:b9:60:ca:ff:d6:4f:c4:e5:a2:01:fc:65:db:61:ca:c2:14:39:98:35:5d:57:5d:a0:68:91:87:c0:92:c2
Signer

Actual PE Digest

66:f3:b9:60:ca:ff:d6:4f:c4:e5:a2:01:fc:65:db:61:ca:c2:14:39:98:35:5d:57:5d:a0:68:91:87:c0:92:c2

Digest Algorithm

sha256

PE Digest Matches

true

ea:98:e7:a8:19:69:42:13:74:1b:f6:43:88:e5:21:b1:0a:4d:e4:e2
Signer

Actual PE Digest

ea:98:e7:a8:19:69:42:13:74:1b:f6:43:88:e5:21:b1:0a:4d:e4:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Code\evtx\EvtxECmd\obj\Release\net462\EvtxECmd.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

EvtxECmd/Maps/!!!!README.md

EvtxECmd/Maps/!Channel-Name_Provider-Name_EventID.guide

EvtxECmd/Maps/!Channel-Name_Provider-Name_EventID.template

EvtxECmd/Maps/Application_Application-Error_1000.map

EvtxECmd/Maps/Application_Application-Hang_1002.map

EvtxECmd/Maps/Application_CarbonBlackDefense_1.map

EvtxECmd/Maps/Application_CarbonBlackDefense_17.map

EvtxECmd/Maps/Application_CarbonBlackDefense_33.map

EvtxECmd/Maps/Application_CarbonBlackDefense_49.map

EvtxECmd/Maps/Application_Citrix-Desktop-Service_1027.map

EvtxECmd/Maps/Application_Citrix-Desktop-Service_1049.map

EvtxECmd/Maps/Application_CylanceSvc_1.map

EvtxECmd/Maps/Application_CylanceSvc_2.map

EvtxECmd/Maps/Application_ESENT_325.map

EvtxECmd/Maps/Application_ESENT_326.map

EvtxECmd/Maps/Application_ESENT_327.map

EvtxECmd/Maps/Application_HitmanPro-Alert_911.map

EvtxECmd/Maps/Application_MSSQLSERVER_15457.map

EvtxECmd/Maps/Application_MSSQLSERVER_18456.map

EvtxECmd/Maps/Application_MSSQLSERVER_33205.map

EvtxECmd/Maps/Application_McAfee-Endpoint-Security_3.map

EvtxECmd/Maps/Application_MetaFrameEvents_1106.map

EvtxECmd/Maps/Application_Microsoft-Windows-Audit-CVE_1.map

EvtxECmd/Maps/Application_Microsoft-Windows-RestartManager_10002.map

EvtxECmd/Maps/Application_Microsoft-Windows-Winsrv_10001.map

EvtxECmd/Maps/Application_Microsoft-Windows-Winsrv_10002.map

EvtxECmd/Maps/Application_MsiInstaller_1033.map

EvtxECmd/Maps/Application_MsiInstaller_1034.map

EvtxECmd/Maps/Application_MsiInstaller_1040.map

EvtxECmd/Maps/Application_MsiInstaller_1042.map

EvtxECmd/Maps/Application_MsiInstaller_11707.map

EvtxECmd/Maps/Application_MsiInstaller_11708.map

EvtxECmd/Maps/Application_MsiInstaller_11724.map

EvtxECmd/Maps/Application_Sophos-Anti-Virus_32.map

EvtxECmd/Maps/Application_Sophos-System-Protection_42.map

EvtxECmd/Maps/Application_Symantec_4003.map

EvtxECmd/Maps/Application_System-Restore_8194.map

EvtxECmd/Maps/Application_System-Restore_8195.map

EvtxECmd/Maps/Application_System-Restore_8196.map

EvtxECmd/Maps/Application_WSH_0.map

EvtxECmd/Maps/Application_Windows-Error-Reporting_1001.map

EvtxECmd/Maps/COMODO-Client-Security-CEF_File-Rating_3.map

EvtxECmd/Maps/Cisco-AnyConnect-Secure-Mobility-Client_acvpnagent_2039.map

EvtxECmd/Maps/Cisco-AnyConnect-Secure-Mobility-Client_acvpnagent_2048.map

EvtxECmd/Maps/Cisco-AnyConnect-Secure-Mobility-Client_acvpnagent_2072.map

EvtxECmd/Maps/Cisco-AnyConnect-Secure-Mobility-Client_acvpnagent_2079.map

EvtxECmd/Maps/Cisco-AnyConnect-Secure-Mobility-Client_acvpnagent_2085.map

EvtxECmd/Maps/Cisco-AnyConnect-Secure-Mobility-Client_acvpnagent_2086.map

EvtxECmd/Maps/Cisco-AnyConnect-Secure-Mobility-Client_acvpnagent_2127.map

EvtxECmd/Maps/Cisco-AnyConnect-Secure-Mobility-Client_acvpndownloader_5005.map

EvtxECmd/Maps/Cisco-AnyConnect-Secure-Mobility-Client_acvpnui_3021.map

EvtxECmd/Maps/CrowdStrike-Falcon-Sensor-CSFalconService-Operational_CrowdStrike-Falcon-Sensor-CSFalconService_3.map

EvtxECmd/Maps/CrowdStrike-Falcon-Sensor-CSFalconService-Operational_CrowdStrike-Falcon-Sensor-CSFalconService_4.map

EvtxECmd/Maps/Kaspersky-Endpoint-Security_avp_302.map

EvtxECmd/Maps/Kaspersky-Endpoint-Security_avp_362.map

EvtxECmd/Maps/Microsoft-Windows-AppID-Operational_Microsoft-Windows-AppID_4004.map

EvtxECmd/Maps/Microsoft-Windows-AppLocker-EXE-and-DLL_Microsoft-Windows-AppLocker_8002.map

EvtxECmd/Maps/Microsoft-Windows-AppLocker-EXE-and-DLL_Microsoft-Windows-AppLocker_8004.map

EvtxECmd/Maps/Microsoft-Windows-AppLocker-MSI-and-Script_Microsoft-Windows-AppLocker_8005.map

EvtxECmd/Maps/Microsoft-Windows-AppLocker-MSI-and-Script_Microsoft-Windows-AppLocker_8007.map

EvtxECmd/Maps/Microsoft-Windows-AppLocker-PackagedApp-Execution_Microsoft-Windows-AppLocker_8020.map

EvtxECmd/Maps/Microsoft-Windows-Application-Experience-Program-Compatibility-Assistant_Microsoft-Windows-Program-Compatibility-Assistant_17.map

EvtxECmd/Maps/Microsoft-Windows-Application-Experience-Program-Telemetry_Microsoft-Windows-Application-Experience_500.map

EvtxECmd/Maps/Microsoft-Windows-Application-Experience-Program-Telemetry_Microsoft-Windows-Application-Experience_505.map

EvtxECmd/Maps/Microsoft-Windows-Bits-Client-Operational_Microsoft-Windows-Bits-Client_3.map

EvtxECmd/Maps/Microsoft-Windows-Bits-Client-Operational_Microsoft-Windows-Bits-Client_4.map

EvtxECmd/Maps/Microsoft-Windows-Bits-Client-Operational_Microsoft-Windows-Bits-Client_5.map

EvtxECmd/Maps/Microsoft-Windows-Bits-Client-Operational_Microsoft-Windows-Bits-Client_59.map

EvtxECmd/Maps/Microsoft-Windows-Bits-Client-Operational_Microsoft-Windows-Bits-Client_60.map

EvtxECmd/Maps/Microsoft-Windows-Bits-Client-Operational_Microsoft-Windows-Bits-Client_61.map

EvtxECmd/Maps/Microsoft-Windows-Bits-Client-Operational_Microsoft-Windows-Bits-Client_64.map

EvtxECmd/Maps/Microsoft-Windows-DateTimeControlPanel-Operational_Microsoft-Windows-DateTimeControlPanel_20000.map

EvtxECmd/Maps/Microsoft-Windows-DeviceSetupManager-Admin_Microsoft-Windows-DeviceSetupManager_100.map

EvtxECmd/Maps/Microsoft-Windows-DeviceSetupManager-Admin_Microsoft-Windows-DeviceSetupManager_101.map

EvtxECmd/Maps/Microsoft-Windows-DeviceSetupManager-Admin_Microsoft-Windows-DeviceSetupManager_112.map

EvtxECmd/Maps/Microsoft-Windows-Dhcp-Client-Admin_Microsoft-Windows-Dhcp-Client_50067.map

EvtxECmd/Maps/Microsoft-Windows-Diagnostics-Performance-Operational_Microsoft-Windows-Diagnostics-Performance_100.map

EvtxECmd/Maps/Microsoft-Windows-Diagnostics-Performance-Operational_Microsoft-Windows-Diagnostics-Performance_101.map

EvtxECmd/Maps/Microsoft-Windows-Diagnostics-Performance-Operational_Microsoft-Windows-Diagnostics-Performance_200.map

EvtxECmd/Maps/Microsoft-Windows-DriverFrameworks-UserMode-Operational_Microsoft-Windows-DriverFrameworks-UserMode_2100.map

EvtxECmd/Maps/Microsoft-Windows-GroupPolicy-Operational_Microsoft-Windows-GroupPolicy_4004.map

EvtxECmd/Maps/Microsoft-Windows-GroupPolicy-Operational_Microsoft-Windows-GroupPolicy_4005.map

EvtxECmd/Maps/Microsoft-Windows-GroupPolicy-Operational_Microsoft-Windows-GroupPolicy_4016.map

EvtxECmd/Maps/Microsoft-Windows-GroupPolicy-Operational_Microsoft-Windows-GroupPolicy_4017.map

EvtxECmd/Maps/Microsoft-Windows-Hyper-V-VMMS-Admin_Microsoft-Windows-Hyper-V-Worker_13002.map

EvtxECmd/Maps/Microsoft-Windows-Hyper-V-Worker-Admin_Microsoft-Windows-Hyper-V-Worker_18500.map

EvtxECmd/Maps/Microsoft-Windows-Hyper-V-Worker-Admin_Microsoft-Windows-Hyper-V-Worker_18502.map

EvtxECmd/Maps/Microsoft-Windows-Hyper-V-Worker-Admin_Microsoft-Windows-Hyper-V-Worker_18508.map

EvtxECmd/Maps/Microsoft-Windows-Hyper-V-Worker-Admin_Microsoft-Windows-Hyper-V-Worker_18514.map

EvtxECmd/Maps/Microsoft-Windows-Kernel-PnP-Configuration_Microsoft-Windows-Kernel-PnP_400.map

EvtxECmd/Maps/Microsoft-Windows-Kernel-PnP-Configuration_Microsoft-Windows-Kernel-PnP_410.map

EvtxECmd/Maps/Microsoft-Windows-Kernel-PnP-Configuration_Microsoft-Windows-Kernel-PnP_430.map

EvtxECmd/Maps/Microsoft-Windows-NetworkProfile-Operational_Microsoft-Windows-NetworkProfile_10000.map

EvtxECmd/Maps/Microsoft-Windows-NetworkProfile-Operational_Microsoft-Windows-NetworkProfile_10001.map

EvtxECmd/Maps/Microsoft-Windows-Ntfs-Operational_Microsoft-Windows-Ntfs_142.map

EvtxECmd/Maps/Microsoft-Windows-Ntfs-Operational_Microsoft-Windows-Ntfs_145.map

EvtxECmd/Maps/Microsoft-Windows-Ntfs-Operational_Microsoft-Windows-Ntfs_146.map

EvtxECmd/Maps/Microsoft-Windows-Ntfs-Operational_Microsoft-Windows-Ntfs_151.map

EvtxECmd/Maps/Microsoft-Windows-Ntfs-Operational_Ntfs_55.map

EvtxECmd/Maps/Microsoft-Windows-Partition-Diagnostic_Microsoft-Windows-Partition_1006.map

EvtxECmd/Maps/Microsoft-Windows-PowerShell-Operational_Microsoft-Windows-PowerShell_4100.map

.ps1

EvtxECmd/Maps/Microsoft-Windows-PowerShell-Operational_Microsoft-Windows-PowerShell_4103.map

.ps1

EvtxECmd/Maps/Microsoft-Windows-PowerShell-Operational_Microsoft-Windows-PowerShell_4104.map

EvtxECmd/Maps/Microsoft-Windows-PrintService-Operational_Microsoft-Windows-PrintService_307.map

EvtxECmd/Maps/Microsoft-Windows-PrintService-Operational_Microsoft-Windows-PrintService_316.map

EvtxECmd/Maps/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS-Operational_Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_104.map

EvtxECmd/Maps/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS-Operational_Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_131.map

EvtxECmd/Maps/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS-Operational_Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_140.map

EvtxECmd/Maps/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS-Operational_Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_72.map

EvtxECmd/Maps/Microsoft-Windows-RemoteDesktopServices-RdpCoreTS-Operational_Microsoft-Windows-RemoteDesktopServices-RdpCoreTS_98.map

EvtxECmd/Maps/Microsoft-Windows-SMBServer-Audit_Microsoft-Windows-SMBServer_3000.map

EvtxECmd/Maps/Microsoft-Windows-SMBServer-Operational_Microsoft-Windows-SMBServer_1016.map

EvtxECmd/Maps/Microsoft-Windows-SMBServer-Operational_Microsoft-Windows-SMBServer_1017.map

EvtxECmd/Maps/Microsoft-Windows-SMBServer-Operational_Microsoft-Windows-SMBServer_1020.map

EvtxECmd/Maps/Microsoft-Windows-SMBServer-Security_Microsoft-Windows-SMBServer_551.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_28115.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9701.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9702.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9703.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9704.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9705.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9706.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9707.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9708.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9709.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9710.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9711.map

EvtxECmd/Maps/Microsoft-Windows-Shell-Core-Operational_Microsoft-Windows-Shell-Core_9712.map

EvtxECmd/Maps/Microsoft-Windows-SmbClient-Connectivity_Microsoft-Windows-SMBClient_30805.map

EvtxECmd/Maps/Microsoft-Windows-SmbClient-Connectivity_Microsoft-Windows-SMBClient_30806.map

EvtxECmd/Maps/Microsoft-Windows-SmbClient-Connectivity_Microsoft-Windows-SMBClient_30807.map

EvtxECmd/Maps/Microsoft-Windows-SmbClient-Security_Microsoft-Windows-SMBClient_31001.map

EvtxECmd/Maps/Microsoft-Windows-SmbClient-Security_Microsoft-Windows-SMBClient_31010.map

EvtxECmd/Maps/Microsoft-Windows-Storage-ClassPnP-Operational_Microsoft-Windows-StorDiag_507.map

EvtxECmd/Maps/Microsoft-Windows-Storage-ClassPnP-Operational_Microsoft-Windows-Storage-ClassPnP_507.map

EvtxECmd/Maps/Microsoft-Windows-Storage-Storport-Operational_Microsoft-Windows-StorPort_504.map

EvtxECmd/Maps/Microsoft-Windows-Storage-Storport-Operational_Microsoft-Windows-StorPort_505.map

EvtxECmd/Maps/Microsoft-Windows-StorageSpaces-Driver-Operational_Microsoft-Windows-StorageSpaces-Driver_207.map

EvtxECmd/Maps/Microsoft-Windows-Storsvc-Diagnostic_Microsoft-Windows-Storsvc_1001.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_1.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_10.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_11.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_12.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_13.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_14.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_15.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_16.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_17.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_18.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_19.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_2.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_20.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_21.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_22.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_23.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_24.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_25.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_26.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_27.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_3.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_4.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_5.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_6.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_7.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_8.map

EvtxECmd/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_9.map

EvtxECmd/Maps/Microsoft-Windows-TZUtil-Operational_Microsoft-Windows-TZUtil_20001.map

EvtxECmd/Maps/Microsoft-Windows-TaskScheduler-Operational_Microsoft-Windows-TaskScheduler_100.map

EvtxECmd/Maps/Microsoft-Windows-TaskScheduler-Operational_Microsoft-Windows-TaskScheduler_102.map

EvtxECmd/Maps/Microsoft-Windows-TaskScheduler-Operational_Microsoft-Windows-TaskScheduler_106.map

EvtxECmd/Maps/Microsoft-Windows-TaskScheduler-Operational_Microsoft-Windows-TaskScheduler_119.map

EvtxECmd/Maps/Microsoft-Windows-TaskScheduler-Operational_Microsoft-Windows-TaskScheduler_129.map

EvtxECmd/Maps/Microsoft-Windows-TaskScheduler-Operational_Microsoft-Windows-TaskScheduler_140.map

EvtxECmd/Maps/Microsoft-Windows-TaskScheduler-Operational_Microsoft-Windows-TaskScheduler_141.map

EvtxECmd/Maps/Microsoft-Windows-TaskScheduler-Operational_Microsoft-Windows-TaskScheduler_200.map

EvtxECmd/Maps/Microsoft-Windows-TaskScheduler-Operational_Microsoft-Windows-TaskScheduler_201.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-Gateway-Operational_Microsoft-Windows-TerminalServices-Gateway_200.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-Gateway-Operational_Microsoft-Windows-TerminalServices-Gateway_300.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-Gateway-Operational_Microsoft-Windows-TerminalServices-Gateway_302.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-Gateway-Operational_Microsoft-Windows-TerminalServices-Gateway_303.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-Gateway-Operational_Microsoft-Windows-TerminalServices-Gateway_312.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-Gateway-Operational_Microsoft-Windows-TerminalServices-Gateway_313.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-LocalSessionManager-Operational_Microsoft-Windows-TerminalServices-LocalSessionManager_21.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-LocalSessionManager-Operational_Microsoft-Windows-TerminalServices-LocalSessionManager_22.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-LocalSessionManager-Operational_Microsoft-Windows-TerminalServices-LocalSessionManager_23.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-LocalSessionManager-Operational_Microsoft-Windows-TerminalServices-LocalSessionManager_24.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-LocalSessionManager-Operational_Microsoft-Windows-TerminalServices-LocalSessionManager_25.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-LocalSessionManager-Operational_Microsoft-Windows-TerminalServices-LocalSessionManager_39.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-LocalSessionManager-Operational_Microsoft-Windows-TerminalServices-LocalSessionManager_40.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-LocalSessionManager-Operational_Microsoft-Windows-TerminalServices-LocalSessionManager_41.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-RDPClient-Operational_Microsoft-Windows-TerminalServices-ClientActiveXCore_1024.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-RDPClient-Operational_Microsoft-Windows-TerminalServices-ClientActiveXCore_1025.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-RDPClient-Operational_Microsoft-Windows-TerminalServices-ClientActiveXCore_1026.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-RDPClient-Operational_Microsoft-Windows-TerminalServices-ClientActiveXCore_1027.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-RDPClient-Operational_Microsoft-Windows-TerminalServices-ClientActiveXCore_1029.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-RDPClient-Operational_Microsoft-Windows-TerminalServices-ClientActiveXCore_1102.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-RDPClient-Operational_Microsoft-Windows-TerminalServices-ClientActiveXCore_1103.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-RDPClient-Operational_Microsoft-Windows-TerminalServices-ClientActiveXCore_1105.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-RemoteConnectionManager-Operational_Microsoft-Windows-TerminalServices-RemoteConnectionManager_1149.map

EvtxECmd/Maps/Microsoft-Windows-TerminalServices-RemoteConnectionManager-Operational_Microsoft-Windows-TerminalServices-RemoteConnectionManager_261.map

EvtxECmd/Maps/Microsoft-Windows-UniversalTelemetryClient-Operational_Microsoft-Windows-UniversalTelemetryClient_55.map

EvtxECmd/Maps/Microsoft-Windows-User-Profile-Service-Operational_Microsoft-Windows-User-Profiles-Service_2.map

EvtxECmd/Maps/Microsoft-Windows-User-Profile-Service-Operational_Microsoft-Windows-User-Profiles-Service_4.map

EvtxECmd/Maps/Microsoft-Windows-User-Profile-Service-Operational_Microsoft-Windows-User-Profiles-Service_67.map

EvtxECmd/Maps/Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_1.map

EvtxECmd/Maps/Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_1_Current.map

EvtxECmd/Maps/Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_1_Legacy.map

EvtxECmd/Maps/Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_2.map

EvtxECmd/Maps/Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_2_Current.map

EvtxECmd/Maps/Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_2_Legacy.map

EvtxECmd/Maps/Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_50_Current.map

EvtxECmd/Maps/Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_51_Current.map

EvtxECmd/Maps/Microsoft-Windows-WER-Diag-Operational_Microsoft-Windows-WER-Diag_4.map

EvtxECmd/Maps/Microsoft-Windows-WLAN-AutoConfig-Operational_Microsoft-Windows-WLAN-AutoConfig_8000.map

EvtxECmd/Maps/Microsoft-Windows-WLAN-AutoConfig-Operational_Microsoft-Windows-WLAN-AutoConfig_8001.map

EvtxECmd/Maps/Microsoft-Windows-WLAN-AutoConfig-Operational_Microsoft-Windows-WLAN-AutoConfig_8002.map

EvtxECmd/Maps/Microsoft-Windows-WLAN-AutoConfig-Operational_Microsoft-Windows-WLAN-AutoConfig_8003.map

EvtxECmd/Maps/Microsoft-Windows-WMI-Activity-Operational_Microsoft-Windows-WMI-Activity_5857.map

EvtxECmd/Maps/Microsoft-Windows-WMI-Activity-Operational_Microsoft-Windows-WMI-Activity_5858.map

EvtxECmd/Maps/Microsoft-Windows-WMI-Activity-Operational_Microsoft-Windows-WMI-Activity_5860.map

EvtxECmd/Maps/Microsoft-Windows-WMI-Activity-Operational_Microsoft-Windows-WMI-Activity_5861.map

EvtxECmd/Maps/Microsoft-Windows-WPD-MTPClassDriver-Operational_Microsoft-Windows-WPD-MTPClassDriver_1005.map

EvtxECmd/Maps/Microsoft-Windows-WinINet-Config-ProxyConfigChanged_Microsoft-Windows-WinINet-Config_5600.map

EvtxECmd/Maps/Microsoft-Windows-WinRM-Operational_Microsoft-Windows-WinRM_169.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1000.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1001.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1002.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1003.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1004.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1005.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1006.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1008.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1011.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1013.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1116.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1117.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_1150.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_2000.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_5000.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_5001.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Defender-Operational_Microsoft-Windows-Windows-Defender_5007.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Firewall-With-Advanced-Security-Firewall_Microsoft-Windows-Windows-Firewall-With-Advanced-Security_2003.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Firewall-With-Advanced-Security-Firewall_Microsoft-Windows-Windows-Firewall-With-Advanced-Security_2004.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Firewall-With-Advanced-Security-Firewall_Microsoft-Windows-Windows-Firewall-With-Advanced-Security_2005.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Firewall-With-Advanced-Security-Firewall_Microsoft-Windows-Windows-Firewall-With-Advanced-Security_2006.map

EvtxECmd/Maps/Microsoft-Windows-Windows-Firewall-With-Advanced-Security-Firewall_Microsoft-Windows-Windows-Firewall-With-Advanced-Security_2011.map

EvtxECmd/Maps/Microsoft-Windows-Winlogon-Operational_Microsoft-Windows-Winlogon_811.map

EvtxECmd/Maps/Microsoft-Windows-Winlogon-Operational_Microsoft-Windows-Winlogon_812.map

EvtxECmd/Maps/OAlerts_Microsoft-Office-14-Alerts_300.map

EvtxECmd/Maps/OAlerts_Microsoft-Office-15-Alerts_300.map

EvtxECmd/Maps/OAlerts_Microsoft-Office-16-Alerts_300.map

EvtxECmd/Maps/OpenSSH-Operational_OpenSSH_4.map

EvtxECmd/Maps/Security_Microsoft-Windows-Eventlog_1100.map

EvtxECmd/Maps/Security_Microsoft-Windows-Eventlog_1102.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4608.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4611.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4616.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4624.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4625.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4634.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4647.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4648.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4656.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4657.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4658.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4661.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4662.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4663.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4672.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4673.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4674.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4688.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4689.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4696.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4697.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4698.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4699.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4700.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4701.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4702.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4703.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4704.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4705.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4706.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4707.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4713.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4716.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4717.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4718.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4719.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4720.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4722.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4723.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4724.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4725.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4726.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4728.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4731.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4732.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4733.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4734.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4735.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4738.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4740.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4741.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4742.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4743.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4764.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4768.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4769.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4770.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4771.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4772.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4773.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4774.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4775.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4776.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4777.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4778.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4779.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4781.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4782.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4793.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4797.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4798.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4799.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4800.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4801.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4802.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_4803.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5136.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5137.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5138.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5139.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5140.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5141.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5142.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5143.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5144.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5145.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5152.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5154.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5156.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5157.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5158.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5159.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_5379.map

EvtxECmd/Maps/Security_Microsoft-Windows-Security-Auditing_6416.map

EvtxECmd/Maps/SentinelOne-Operational_26.map

EvtxECmd/Maps/SentinelOne-Operational_31.map

EvtxECmd/Maps/SentinelOne-Operational_32.map

EvtxECmd/Maps/SentinelOne-Operational_81.map

EvtxECmd/Maps/SentinelOne-Operational_91.map

EvtxECmd/Maps/Splashtop-Splashtop Streamer-Remote Session-Operational_Splashtop-Splashtop Streamer-Remote Session_1000.map

EvtxECmd/Maps/Splashtop-Splashtop Streamer-Remote Session-Operational_Splashtop-Splashtop Streamer-Remote Session_1001.map

EvtxECmd/Maps/Splashtop-Splashtop Streamer-Remote Session-Operational_Splashtop-Splashtop Streamer-Remote Session_1100.map

EvtxECmd/Maps/Splashtop-Splashtop Streamer-Remote Session-Operational_Splashtop-Splashtop Streamer-Remote Session_1101.map

EvtxECmd/Maps/Splashtop-Splashtop Streamer-Remote Session-Operational_Splashtop-Splashtop Streamer-Remote Session_1110.map

EvtxECmd/Maps/Splashtop-Splashtop Streamer-Remote Session-Operational_Splashtop-Splashtop Streamer-Remote Session_1111.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_100.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_101.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_12.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_129.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_2.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_200.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_201.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_202.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_21.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_23.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_24.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_3.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_34054.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_34056.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_51.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_69.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_7.map

EvtxECmd/Maps/Symantec-Endpoint-Protection-Client_Symantec-Endpoint-Protection-Client_80.map

EvtxECmd/Maps/System_Application-Popup_26.map

EvtxECmd/Maps/System_EventLog_6005.map

EvtxECmd/Maps/System_EventLog_6006.map

EvtxECmd/Maps/System_EventLog_6008.map

EvtxECmd/Maps/System_EventLog_6013.map

EvtxECmd/Maps/System_LsaSrv_40960.map

EvtxECmd/Maps/System_LsaSrv_45057.map

EvtxECmd/Maps/System_Microsoft-Antimalware_1116.map

EvtxECmd/Maps/System_Microsoft-GroupPolicy_1129.map

EvtxECmd/Maps/System_Microsoft-Windows-Audit-CVE_2.map

EvtxECmd/Maps/System_Microsoft-Windows-DistributedCOM_10028.map

EvtxECmd/Maps/System_Microsoft-Windows-DriverFrameworks-UserMode_10000.map

EvtxECmd/Maps/System_Microsoft-Windows-Eventlog_104.map

EvtxECmd/Maps/System_Microsoft-Windows-GroupPolicy_1130.map

EvtxECmd/Maps/System_Microsoft-Windows-GroupPolicy_1500.map

EvtxECmd/Maps/System_Microsoft-Windows-GroupPolicy_1501.map

EvtxECmd/Maps/System_Microsoft-Windows-Kernel-General_1.map

EvtxECmd/Maps/System_Microsoft-Windows-Kernel-General_12.map

EvtxECmd/Maps/System_Microsoft-Windows-Kernel-General_13.map

EvtxECmd/Maps/System_Microsoft-Windows-Kernel-Power_42.map

EvtxECmd/Maps/System_Microsoft-Windows-Power-Troubleshooter_1.map

EvtxECmd/Maps/System_Microsoft-Windows-Time-Service_35.map

EvtxECmd/Maps/System_Microsoft-Windows-Time-Service_37.map

EvtxECmd/Maps/System_Microsoft-Windows-UserPnp_20001.map

EvtxECmd/Maps/System_Microsoft-Windows-UserPnp_20003.map

EvtxECmd/Maps/System_Microsoft-Windows-Winlogon_7001.map

EvtxECmd/Maps/System_Microsoft-Windows-Winlogon_7002.map

EvtxECmd/Maps/System_Service-Control-Manager_7031.map

EvtxECmd/Maps/System_Service-Control-Manager_7034.map

EvtxECmd/Maps/System_Service-Control-Manager_7035.map

EvtxECmd/Maps/System_Service-Control-Manager_7036.map

EvtxECmd/Maps/System_Service-Control-Manager_7040.map

EvtxECmd/Maps/System_Service-Control-Manager_7045.map

EvtxECmd/Maps/System_TermDD_56.map

EvtxECmd/Maps/System_User32_1074.map

EvtxECmd/Maps/Varonis_VrnsCifsQueueReport_5118.map

EvtxECmd/Maps/Varonis_VrnsCifsQueueReport_5120.map

EvtxECmd/Maps/Varonis_VrnsCifsQueue_5129.map

EvtxECmd/Maps/Varonis_VrnsCifsQueue_5138.map

EvtxECmd/Maps/Varonis_VrnsCifsQueue_5140.map

EvtxECmd/Maps/Varonis_VrnsCifsQueue_5172.map

EvtxECmd/Maps/Varonis_VrnsCifsQueue_5176.map

EvtxECmd/Maps/Varonis_VrnsCifsQueue_5213.map

EvtxECmd/Maps/Varonis_VrnsCifsQueue_5214.map

EvtxECmd/Maps/Varonis_VrnsCifsQueue_5220.map

EvtxECmd/Maps/Varonis_VrnsMon_5434.map

EvtxECmd/Maps/Varonis_VrnsSvcFW_900.map

EvtxECmd/Maps/Windows-PowerShell_PowerShell_400.map

EvtxECmd/Maps/Windows-PowerShell_PowerShell_403.map

EvtxECmd/Maps/Windows-PowerShell_PowerShell_600.map

EvtxECmd/Maps/Windows-PowerShell_PowerShell_800.map

EvtxECmd/Maps/adPWDManager_adPWDManager_110.map

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

8c:1b:e2:96:cd:b3:c2:32:2a:39:12:78:6d:54:c4:61Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

8c:1b:e2:96:cd:b3:c2:32:2a:39:12:78:6d:54:c4:61Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

66:f3:b9:60:ca:ff:d6:4f:c4:e5:a2:01:fc:65:db:61:ca:c2:14:39:98:35:5d:57:5d:a0:68:91:87:c0:92:c2Signer

ea:98:e7:a8:19:69:42:13:74:1b:f6:43:88:e5:21:b1:0a:4d:e4:e2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 4.8MB - Virtual size: 4.8MB

.rsrc Size: 140KB - Virtual size: 140KB

.reloc Size: 512B - Virtual size: 12B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

8c:1b:e2:96:cd:b3:c2:32:2a:39:12:78:6d:54:c4:61
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

8c:1b:e2:96:cd:b3:c2:32:2a:39:12:78:6d:54:c4:61
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

66:f3:b9:60:ca:ff:d6:4f:c4:e5:a2:01:fc:65:db:61:ca:c2:14:39:98:35:5d:57:5d:a0:68:91:87:c0:92:c2
Signer

ea:98:e7:a8:19:69:42:13:74:1b:f6:43:88:e5:21:b1:0a:4d:e4:e2
Signer

.text
Size: 4.8MB - Virtual size: 4.8MB

.rsrc
Size: 140KB - Virtual size: 140KB

.reloc
Size: 512B - Virtual size: 12B