Hugging Face's logo

bencyc1129
/
art-bert-base-cased

Fill-Mask
Transformers
TensorBoard
Safetensors
bert
Generated from Trainer
Model card Files
xet
Metrics Community
art-bert-base-cased / tokenizer.json
bencyc1129's picture
bencyc1129
Upload tokenizer
311b5f7 verified
raw
history blame contribute delete
193 kB
 {
"version": "1.0",
"truncation": null,
"padding": null,
"added_tokens": [
{
"id": 0,
"content": "[PAD]",
"single_word": false,
"lstrip": false,
"rstrip": false,
"normalized": false,
"special": true
},
{
"id": 1,
"content": "[UNK]",
"single_word": false,
"lstrip": false,
"rstrip": false,
"normalized": false,
"special": true
},
{
"id": 2,
"content": "[CLS]",
"single_word": false,
"lstrip": false,
"rstrip": false,
"normalized": false,
"special": true
},
{
"id": 3,
"content": "[SEP]",
"single_word": false,
"lstrip": false,
"rstrip": false,
"normalized": false,
"special": true
},
{
"id": 4,
"content": "[MASK]",
"single_word": false,
"lstrip": false,
"rstrip": false,
"normalized": false,
"special": true
}
],
"normalizer": {
"type": "BertNormalizer",
"clean_text": true,
"handle_chinese_chars": true,
"strip_accents": null,
"lowercase": false
},
"pre_tokenizer": {
"type": "BertPreTokenizer"
},
"post_processor": {
"type": "TemplateProcessing",
"single": [
{
"SpecialToken": {
"id": "[CLS]",
"type_id": 0
}
},
{
"Sequence": {
"id": "A",
"type_id": 0
}
},
{
"SpecialToken": {
"id": "[SEP]",
"type_id": 0
}
}
],
"pair": [
{
"SpecialToken": {
"id": "[CLS]",
"type_id": 0
}
},
{
"Sequence": {
"id": "A",
"type_id": 0
}
},
{
"SpecialToken": {
"id": "[SEP]",
"type_id": 0
}
},
{
"Sequence": {
"id": "B",
"type_id": 1
}
},
{
"SpecialToken": {
"id": "[SEP]",
"type_id": 1
}
}
],
"special_tokens": {
"[CLS]": {
"id": "[CLS]",
"ids": [
2
],
"tokens": [
"[CLS]"
]
},
"[SEP]": {
"id": "[SEP]",
"ids": [
3
],
"tokens": [
"[SEP]"
]
}
}
},
"decoder": {
"type": "WordPiece",
"prefix": "##",
"cleanup": true
},
"model": {
"type": "WordPiece",
"unk_token": "[UNK]",
"continuing_subword_prefix": "##",
"max_input_chars_per_word": 100,
"vocab": {
"[PAD]": 0,
"[UNK]": 1,
"[CLS]": 2,
"[SEP]": 3,
"[MASK]": 4,
"!": 5,
"\"": 6,
"#": 7,
"$": 8,
"%": 9,
"&": 10,
"'": 11,
"(": 12,
")": 13,
"*": 14,
"+": 15,
",": 16,
"-": 17,
".": 18,
"/": 19,
"0": 20,
"1": 21,
"2": 22,
"3": 23,
"4": 24,
"5": 25,
"6": 26,
"7": 27,
"8": 28,
"9": 29,
":": 30,
";": 31,
"<": 32,
"=": 33,
">": 34,
"?": 35,
"@": 36,
"A": 37,
"B": 38,
"C": 39,
"D": 40,
"E": 41,
"F": 42,
"G": 43,
"H": 44,
"I": 45,
"J": 46,
"K": 47,
"L": 48,
"M": 49,
"N": 50,
"O": 51,
"P": 52,
"Q": 53,
"R": 54,
"S": 55,
"T": 56,
"U": 57,
"V": 58,
"W": 59,
"X": 60,
"Y": 61,
"Z": 62,
"[": 63,
"\\": 64,
"]": 65,
"_": 66,
"`": 67,
"a": 68,
"b": 69,
"c": 70,
"d": 71,
"e": 72,
"f": 73,
"g": 74,
"h": 75,
"i": 76,
"j": 77,
"k": 78,
"l": 79,
"m": 80,
"n": 81,
"o": 82,
"p": 83,
"q": 84,
"r": 85,
"s": 86,
"t": 87,
"u": 88,
"v": 89,
"w": 90,
"x": 91,
"y": 92,
"z": 93,
"{": 94,
"|": 95,
"}": 96,
"~": 97,
"ë": 98,
"–": 99,
"‘": 100,
"’": 101,
"“": 102,
"”": 103,
"##x": 104,
"##p": 105,
"##l": 106,
"##o": 107,
"##i": 108,
"##t": 109,
"##a": 110,
"##n": 111,
"##h": 112,
"##c": 113,
"##e": 114,
"##s": 115,
"##r": 116,
"##d": 117,
"##v": 118,
"##k": 119,
"##u": 120,
"##m": 121,
"##f": 122,
"##w": 123,
"##q": 124,
"##y": 125,
"##U": 126,
"##D": 127,
"##O": 128,
"##b": 129,
"##j": 130,
"##E": 131,
"##M": 132,
"##P": 133,
"##z": 134,
"##g": 135,
"##1": 136,
"##5": 137,
"##4": 138,
"##6": 139,
"##I": 140,
"##L": 141,
"##N": 142,
"##A": 143,
"##S": 144,
"##3": 145,
"##R": 146,
"##0": 147,
"##2": 148,
"##C": 149,
"##Q": 150,
"##T": 151,
"##G": 152,
"##9": 153,
"##8": 154,
"##7": 155,
"##W": 156,
"##Y": 157,
"##B": 158,
"##H": 159,
"##F": 160,
"##V": 161,
"##X": 162,
"##K": 163,
"##Z": 164,
"##J": 165,
"##er": 166,
"##in": 167,
"##he": 168,
"##es": 169,
"##on": 170,
"##te": 171,
"##ti": 172,
"the": 173,
"##ll": 174,
"##ec": 175,
"##or": 176,
"##is": 177,
"##le": 178,
"##nd": 179,
"to": 180,
"##om": 181,
"##ing": 182,
"##re": 183,
"ex": 184,
"##tion": 185,
"##ow": 186,
"wi": 187,
"##ed": 188,
"##ic": 189,
"##en": 190,
"##at": 191,
"in": 192,
"us": 193,
"##ecu": 194,
"##ar": 195,
"##ou": 196,
"##as": 197,
"##al": 198,
"and": 199,
"##et": 200,
"##ess": 201,
"execu": 202,
"##ro": 203,
"##th": 204,
"fi": 205,
"##ta": 206,
"##ers": 207,
"##an": 208,
"will": 209,
"##ri": 210,
"##ma": 211,
"of": 212,
"##his": 213,
"##ate": 214,
"##od": 215,
"##cess": 216,
"##ul": 217,
"##un": 218,
"be": 219,
"com": 220,
"with": 221,
"##est": 222,
"file": 223,
"##ist": 224,
"##ad": 225,
"##ac": 226,
"Win": 227,
"##ut": 228,
"lo": 229,
"##hell": 230,
"is": 231,
"##tem": 232,
"##ys": 233,
"on": 234,
"##pt": 235,
"re": 236,
"##ation": 237,
"exe": 238,
"##ows": 239,
"execution": 240,
"##it": 241,
"##mand": 242,
"using": 243,
"##ol": 244,
"##ir": 245,
"##ay": 246,
"This": 247,
"for": 248,
"##ver": 249,
"##ia": 250,
"##ass": 251,
"##pl": 252,
"##dows": 253,
"##nt": 254,
"th": 255,
"test": 256,
"##um": 257,
"##am": 258,
"##rom": 259,
"##ystem": 260,
"su": 261,
"##pon": 262,
"##ent": 263,
"pro": 264,
"command": 265,
"##wor": 266,
"##ble": 267,
"##lo": 268,
"##ccess": 269,
"Windows": 270,
"con": 271,
"##il": 272,
"##ain": 273,
"Ex": 274,
"##st": 275,
"##if": 276,
"an": 277,
"Upon": 278,
"##ve": 279,
"via": 280,
"Pow": 281,
"user": 282,
"##im": 283,
"##ect": 284,
"by": 285,
"##ge": 286,
"##ted": 287,
"##ory": 288,
"ad": 289,
"##ck": 290,
"##ot": 291,
"de": 292,
"##ce": 293,
"##den": 294,
"##ew": 295,
"##ote": 296,
"##ry": 297,
"##qu": 298,
"that": 299,
"dis": 300,
"Re": 301,
"##word": 302,
"##assword": 303,
"at": 304,
"it": 305,
"or": 306,
"##ur": 307,
"##omain": 308,
"from": 309,
"run": 310,
"Power": 311,
"as": 312,
"##ch": 313,
"##erv": 314,
"log": 315,
"en": 316,
"##ice": 317,
"cre": 318,
"##til": 319,
"Cre": 320,
"##ary": 321,
"Dis": 322,
"##ccessf": 323,
"ac": 324,
"The": 325,
"system": 326,
"##sta": 327,
"##op": 328,
"##denti": 329,
"##wn": 330,
"sc": 331,
"##all": 332,
"Us": 333,
"##ft": 334,
"successf": 335,
"##ion": 336,
"##are": 337,
"st": 338,
"##gist": 339,
"##load": 340,
"PowerS": 341,
"password": 342,
"##les": 343,
"##able": 344,
"##ript": 345,
"In": 346,
"##min": 347,
"Ad": 348,
"##ile": 349,
"##ervice": 350,
"##id": 351,
"##for": 352,
"PowerShell": 353,
"mod": 354,
"##own": 355,
"successful": 356,
"this": 357,
"##ig": 358,
"##ount": 359,
"##ly": 360,
"##stall": 361,
"##put": 362,
"##cal": 363,
"##tes": 364,
"##count": 365,
"##gistry": 366,
"De": 367,
"##ata": 368,
"sh": 369,
"##out": 370,
"##mote": 371,
"domain": 372,
"##vers": 373,
"Execu": 374,
"##over": 375,
"##ter": 376,
"can": 377,
"Lo": 378,
"##play": 379,
"##ure": 380,
"##ction": 381,
"##so": 382,
"##rou": 383,
"##irect": 384,
"##ting": 385,
"display": 386,
"sp": 387,
"##cover": 388,
"wh": 389,
"##ates": 390,
"##ack": 391,
"##ies": 392,
"may": 393,
"##der": 394,
"##ity": 395,
"process": 396,
"##ke": 397,
"##ify": 398,
"##em": 399,
"##md": 400,
"##ated": 401,
"##ip": 402,
"##inu": 403,
"ch": 404,
"##dential": 405,
"##irectory": 406,
"##ule": 407,
"##ware": 408,
"##ershell": 409,
"util": 410,
"execute": 411,
"System": 412,
"##ost": 413,
"##inux": 414,
"##ownload": 415,
"En": 416,
"account": 417,
"##iz": 418,
"##ine": 419,
"set": 420,
"##ts": 421,
"##tive": 422,
"new": 423,
"##us": 424,
"##ech": 425,
"##tain": 426,
"##ication": 427,
"##Pwn": 428,
"##ous": 429,
"advers": 430,
"displayed": 431,
"files": 432,
"WinPwn": 433,
"Discover": 434,
"Linux": 435,
"##iqu": 436,
"##niqu": 437,
"Pro": 438,
"##ump": 439,
"service": 440,
"tech": 441,
"##ree": 442,
"##ode": 443,
"techniqu": 444,
"Com": 445,
"cmd": 446,
"data": 447,
"##per": 448,
"used": 449,
"se": 450,
"##up": 451,
"bas": 452,
"remote": 453,
"##older": 454,
"At": 455,
"##umer": 456,
"script": 457,
"##tr": 458,
"registry": 459,
"technique": 460,
"out": 461,
"##iew": 462,
"##tro": 463,
"local": 464,
"An": 465,
"mal": 466,
"##ple": 467,
"##el": 468,
"##ort": 469,
"##art": 470,
"##olic": 471,
"Discovery": 472,
"Ac": 473,
"you": 474,
"##age": 475,
"##ull": 476,
"mac": 477,
"##pen": 478,
"##omic": 479,
"pow": 480,
"##ment": 481,
"then": 482,
"install": 483,
"adversary": 484,
"all": 485,
"##oll": 486,
"Create": 487,
"##oot": 488,
"##roup": 489,
"Sh": 490,
"##ious": 491,
"##che": 492,
"##ud": 493,
"not": 494,
"shell": 495,
"##ten": 496,
"##dentials": 497,
"ke": 498,
"##OS": 499,
"##BS": 500,
"##mation": 501,
"##formation": 502,
"download": 503,
"folder": 504,
"##riv": 505,
"St": 506,
"##to": 507,
"##aun": 508,
"def": 509,
"Ch": 510,
"fun": 511,
"##xt": 512,
"##hen": 513,
"function": 514,
"ar": 515,
"##ult": 516,
"##opy": 517,
"tim": 518,
"Con": 519,
"##vent": 520,
"##ust": 521,
"##icious": 522,
"use": 523,
"##olicy": 524,
"##ty": 525,
"information": 526,
"##ame": 527,
"var": 528,
"##bs": 529,
"##urre": 530,
"##oo": 531,
"##tack": 532,
"##ang": 533,
"##urrent": 534,
"sim": 535,
"##ection": 536,
"##istory": 537,
"powershell": 538,
"Free": 539,
"##ld": 540,
"##ied": 541,
"##cript": 542,
"##BSD": 543,
"FreeBSD": 544,
"##ab": 545,
"##ault": 546,
"##end": 547,
"##ich": 548,
"##icro": 549,
"##ally": 550,
"spec": 551,
"which": 552,
"conf": 553,
"create": 554,
"Get": 555,
"Mod": 556,
"list": 557,
"##work": 558,
"contain": 559,
"##soft": 560,
"net": 561,
"we": 562,
"##ppl": 563,
"##ire": 564,
"##ther": 565,
"##ange": 566,
"do": 567,
"host": 568,
"was": 569,
"##ag": 570,
"##ning": 571,
"##ath": 572,
"##tempt": 573,
"al": 574,
"if": 575,
"per": 576,
"win": 577,
"##fy": 578,
"##lete": 579,
"users": 580,
"##ould": 581,
"##ask": 582,
"##icrosoft": 583,
"Domain": 584,
"access": 585,
"directory": 586,
"laun": 587,
"open": 588,
"##sion": 589,
"add": 590,
"##ail": 591,
"commands": 592,
"Microsoft": 593,
"bin": 594,
"##si": 595,
"##mp": 596,
"##32": 597,
"Add": 598,
"un": 599,
"##pp": 600,
"##se": 601,
"##ue": 602,
"##ST": 603,
"##ern": 604,
"##table": 605,
"so": 606,
"##heck": 607,
"executed": 608,
"env": 609,
"##ere": 610,
"Disable": 611,
"##dentify": 612,
"Use": 613,
"utility": 614,
"output": 615,
"Az": 616,
"##yp": 617,
"##LL": 618,
"##ark": 619,
"##ersis": 620,
"##tern": 621,
"key": 622,
"##pplication": 623,
"tr": 624,
"##ct": 625,
"##ress": 626,
"attack": 627,
"Admin": 628,
"specif": 629,
"##alc": 630,
"macOS": 631,
"Azure": 632,
"history": 633,
"##vo": 634,
"File": 635,
"group": 636,
"priv": 637,
"##erver": 638,
"##ick": 639,
"##rity": 640,
"AD": 641,
"policy": 642,
"val": 643,
"##ff": 644,
"##fil": 645,
"##wall": 646,
"##ind": 647,
"##our": 648,
"##eth": 649,
"##iron": 650,
"Directory": 651,
"code": 652,
"##rompt": 653,
"Registry": 654,
"bash": 655,
"malicious": 656,
"##ironment": 657,
"##sh": 658,
"##mon": 659,
"##int": 660,
"varia": 661,
"##ethod": 662,
"##ecurity": 663,
"##ard": 664,
"Executes": 665,
"default": 666,
"Set": 667,
"has": 668,
"##ap": 669,
"##cl": 670,
"##ru": 671,
"##ject": 672,
"##AC": 673,
"into": 674,
"##umerate": 675,
"Service": 676,
"pre": 677,
"##tu": 678,
"##av": 679,
"##ear": 680,
"##econ": 681,
"##ator": 682,
"attempt": 683,
"running": 684,
"##ftware": 685,
"Def": 686,
"##emp": 687,
"time": 688,
"config": 689,
"HK": 690,
"cl": 691,
"pr": 692,
"##dule": 693,
"##vid": 694,
"##ub": 695,
"##uer": 696,
"requ": 697,
"##ully": 698,
"WM": 699,
"##apt": 700,
"comp": 701,
"enc": 702,
"##ize": 703,
"Command": 704,
"##ender": 705,
"windows": 706,
"##filtr": 707,
"WMI": 708,
"DLL": 709,
"are": 710,
"em": 711,
"foll": 712,
"##ging": 713,
"##ID": 714,
"##ero": 715,
"##ayload": 716,
"modif": 717,
"##trol": 718,
"Active": 719,
"res": 720,
"##mis": 721,
"##LM": 722,
"##lear": 723,
"##ating": 724,
"##ession": 725,
"##ulates": 726,
"within": 727,
"admin": 728,
"atomic": 729,
"Log": 730,
"##mission": 731,
"current": 732,
"temp": 733,
"executable": 734,
"Powershell": 735,
"dele": 736,
"Remote": 737,
"credentials": 738,
"calc": 739,
"root": 740,
"##gh": 741,
"##SI": 742,
"##ase": 743,
"##rib": 744,
"##oded": 745,
"##istr": 746,
"##form": 747,
"follow": 748,
"Copy": 749,
"Mac": 750,
"dump": 751,
"##ox": 752,
"##awn": 753,
"##gr": 754,
"##64": 755,
"##aries": 756,
"##ules": 757,
"##ument": 758,
"User": 759,
"modify": 760,
"##igh": 761,
"Delete": 762,
"Atomic": 763,
"##troll": 764,
"##ook": 765,
"binary": 766,
"privile": 767,
"value": 768,
"ab": 769,
"check": 770,
"le": 771,
"##ires": 772,
"Creates": 773,
"Credentials": 774,
"std": 775,
"##idden": 776,
"##tence": 777,
"environment": 778,
"##ersistence": 779,
"Application": 780,
"Data": 781,
"HT": 782,
"To": 783,
"ha": 784,
"note": 785,
"tar": 786,
"task": 787,
"ver": 788,
"##ake": 789,
"##tent": 790,
"executes": 791,
"##ersion": 792,
"##olum": 793,
"##amed": 794,
"Install": 795,
"##ign": 796,
"Execute": 797,
"##rough": 798,
"setting": 799,
"stdout": 800,
"Net": 801,
"et": 802,
"man": 803,
"over": 804,
"when": 805,
"##pad": 806,
"##iti": 807,
"##fer": 808,
"##tection": 809,
"##tiv": 810,
"##orer": 811,
"start": 812,
"##puter": 813,
"Local": 814,
"Process": 815,
"##voke": 816,
"##olume": 817,
"Run": 818,
"Util": 819,
"no": 820,
"prompt": 821,
"##trib": 822,
"##reat": 823,
"##ans": 824,
"##plo": 825,
"##log": 826,
"should": 827,
"Execution": 828,
"##emory": 829,
"following": 830,
"##troller": 831,
"etc": 832,
"Un": 833,
"view": 834,
"##po": 835,
"##EM": 836,
"##ore": 837,
"##adow": 838,
"##plorer": 839,
"dev": 840,
"##fter": 841,
"module": 842,
"installed": 843,
"##ches": 844,
"variable": 845,
"Defender": 846,
"Fire": 847,
"li": 848,
"##port": 849,
"##ove": 850,
"##do": 851,
"##uil": 852,
"##AP": 853,
"comple": 854,
"Modify": 855,
"specified": 856,
"##apture": 857,
"##istrator": 858,
"List": 859,
"call": 860,
"copy": 861,
"mess": 862,
"session": 863,
"txt": 864,
"wri": 865,
"##ole": 866,
"##du": 867,
"##wd": 868,
"##ges": 869,
"##View": 870,
"##mage": 871,
"without": 872,
"only": 873,
"through": 874,
"##uration": 875,
"Invoke": 876,
"spawn": 877,
"see": 878,
"##udit": 879,
"##ernel": 880,
"##duled": 881,
"Identify": 882,
"Password": 883,
"So": 884,
"method": 885,
"path": 886,
"provid": 887,
"its": 888,
"##acket": 889,
"Account": 890,
"##ables": 891,
"##clud": 892,
"##uery": 893,
"Note": 894,
"T1": 895,
"ob": 896,
"payload": 897,
"sta": 898,
"##ext": 899,
"##ron": 900,
"##tif": 901,
"##ected": 902,
"logs": 903,
"created": 904,
"sche": 905,
"change": 906,
"malware": 907,
"network": 908,
"notepad": 909,
"verify": 910,
"Software": 911,
"Download": 912,
"If": 913,
"Security": 914,
"UAC": 915,
"dll": 916,
"server": 917,
"wor": 918,
"##and": 919,
"##nce": 920,
"##tic": 921,
"load": 922,
"disable": 923,
"Comp": 924,
"permission": 925,
"launch": 926,
"##rute": 927,
"##filtration": 928,
"about": 929,
"have": 930,
"Aut": 931,
"NT": 932,
"pip": 933,
"##xec": 934,
"##rary": 935,
"##ged": 936,
"##AM": 937,
"##SH": 938,
"##esk": 939,
"tool": 940,
"##ingle": 941,
"##rewall": 942,
"inter": 943,
"firewall": 944,
"Using": 945,
"##trac": 946,
"also": 947,
"HKLM": 948,
"HI": 949,
"Ke": 950,
"Th": 951,
"coll": 952,
"dec": 953,
"other": 954,
"##ith": 955,
"##yth": 956,
"##ET": 957,
"##LE": 958,
"##ermin": 959,
"uses": 960,
"##ults": 961,
"common": 962,
"computer": 963,
"##ace": 964,
"##cho": 965,
"##icket": 966,
"HIST": 967,
"buil": 968,
"echo": 969,
"named": 970,
"pl": 971,
"par": 972,
"pass": 973,
"up": 974,
"##bed": 975,
"##ome": 976,
"##ach": 977,
"loc": 978,
"##opies": 979,
"utiliz": 980,
"your": 981,
"Start": 982,
"perform": 983,
"##ource": 984,
"Network": 985,
"message": 986,
"##ython": 987,
"Current": 988,
"ES": 989,
"Test": 990,
"ls": 991,
"single": 992,
"typ": 993,
"##bit": 994,
"##Pro": 995,
"inf": 996,
"##ound": 997,
"##ample": 998,
"Requ": 999,
"Advers": 1000,
"Enc": 1001,
"Enumerate": 1002,
"Administrator": 1003,
"##econd": 1004,
"configuration": 1005,
"permissions": 1006,
"ESX": 1007,
"Group": 1008,
"JS": 1009,
"Out": 1010,
"Sc": 1011,
"Sear": 1012,
"SSH": 1013,
"VB": 1014,
"cer": 1015,
"event": 1016,
"free": 1017,
"memory": 1018,
"ne": 1019,
"role": 1020,
"sys": 1021,
"serv": 1022,
"second": 1023,
"##ill": 1024,
"##tor": 1025,
"##bal": 1026,
"##ord": 1027,
"##ish": 1028,
"##reen": 1029,
"##arp": 1030,
"##ulate": 1031,
"any": 1032,
"##imi": 1033,
"##rypt": 1034,
"processes": 1035,
"mach": 1036,
"##ched": 1037,
"art": 1038,
"##bsd": 1039,
"##gram": 1040,
"work": 1041,
"freebsd": 1042,
"Bas": 1043,
"Ed": 1044,
"Fil": 1045,
"SY": 1046,
"Volume": 1047,
"aut": 1048,
"after": 1049,
"identify": 1050,
"line": 1051,
"rec": 1052,
"ret": 1053,
"##line": 1054,
"##ak": 1055,
"##name": 1056,
"##ss": 1057,
"##ror": 1058,
"##und": 1059,
"##mark": 1060,
"##Upon": 1061,
"##ILE": 1062,
"##NS": 1063,
"##TP": 1064,
"##erb": 1065,
"their": 1066,
"##ener": 1067,
"##ensi": 1068,
"##quer": 1069,
"discover": 1070,
"##uring": 1071,
"PowerView": 1072,
"Share": 1073,
"simulates": 1074,
"prevent": 1075,
"##ookmark": 1076,
"pipe": 1077,
"20": 1078,
"Clear": 1079,
"Shell": 1080,
"Sim": 1081,
"audit": 1082,
"but": 1083,
"back": 1084,
"er": 1085,
"end": 1086,
"##rows": 1087,
"##bles": 1088,
"##let": 1089,
"##ence": 1090,
"includ": 1091,
"Explorer": 1092,
"Change": 1093,
"arg": 1094,
"##ternal": 1095,
"##tual": 1096,
"modification": 1097,
"privileges": 1098,
"built": 1099,
"##bedd": 1100,
"Access": 1101,
"Per": 1102,
"Python": 1103,
"RD": 1104,
"Sp": 1105,
"When": 1106,
"ev": 1107,
"find": 1108,
"get": 1109,
"persistence": 1110,
"und": 1111,
"##ok": 1112,
"##nc": 1113,
"##fully": 1114,
"##Com": 1115,
"##ices": 1116,
"##icate": 1117,
"ins": 1118,
"off": 1119,
"being": 1120,
"##admin": 1121,
"##irtual": 1122,
"##ames": 1123,
"##amet": 1124,
"##lock": 1125,
"Rem": 1126,
"attrib": 1127,
"order": 1128,
"logging": 1129,
"Uses": 1130,
"##ide": 1131,
"seen": 1132,
"##umeration": 1133,
"Chrom": 1134,
"web": 1135,
"##STEM": 1136,
"VBA": 1137,
"need": 1138,
"SYSTEM": 1139,
"Al": 1140,
"AP": 1141,
"Dump": 1142,
"DNS": 1143,
"Man": 1144,
"Red": 1145,
"app": 1146,
"text": 1147,
"##xy": 1148,
"##top": 1149,
"##ative": 1150,
"##col": 1151,
"##ev": 1152,
"##file": 1153,
"##Con": 1154,
"##FILE": 1155,
"##one": 1156,
"lock": 1157,
"sudo": 1158,
"content": 1159,
"logon": 1160,
"stor": 1161,
"##gister": 1162,
"##sole": 1163,
"chang": 1164,
"based": 1165,
"Shadow": 1166,
"##tocol": 1167,
"times": 1168,
"##ities": 1169,
"Firewall": 1170,
"##esktop": 1171,
"Adversaries": 1172,
"##undll": 1173,
"##ensitive": 1174,
"Copies": 1175,
"Event": 1176,
"Mal": 1177,
"Open": 1178,
"SO": 1179,
"ag": 1180,
"during": 1181,
"es": 1182,
"hidden": 1183,
"own": 1184,
"po": 1185,
"rules": 1186,
"##ption": 1187,
"##lag": 1188,
"##hav": 1189,
"##get": 1190,
"##SA": 1191,
"##RE": 1192,
"they": 1193,
"##asquer": 1194,
"##ading": 1195,
"##very": 1196,
"such": 1197,
"produ": 1198,
"##lobal": 1199,
"control": 1200,
"login": 1201,
"enable": 1202,
"enumerate": 1203,
"systems": 1204,
"what": 1205,
"accounts": 1206,
"##ired": 1207,
"##ypass": 1208,
"compress": 1209,
"embedd": 1210,
"##uments": 1211,
"Utilize": 1212,
"##point": 1213,
"scheduled": 1214,
"##undll32": 1215,
"again": 1216,
"##havi": 1217,
"All": 1218,
"App": 1219,
"Bl": 1220,
"Kerb": 1221,
"Res": 1222,
"kernel": 1223,
"must": 1224,
"ren": 1225,
"version": 1226,
"##kat": 1227,
"##ON": 1228,
"##IS": 1229,
"##00": 1230,
"##tec": 1231,
"exist": 1232,
"##ant": 1233,
"##ade": 1234,
"##itor": 1235,
"delete": 1236,
"actor": 1237,
"successfully": 1238,
"##use": 1239,
"keys": 1240,
"containing": 1241,
"doc": 1242,
"##ernet": 1243,
"encoded": 1244,
"settings": 1245,
"like": 1246,
"Key": 1247,
"ESXi": 1248,
"##katz": 1249,
"00": 1250,
"Bypass": 1251,
"LD": 1252,
"MSI": 1253,
"clear": 1254,
"cron": 1255,
"dri": 1256,
"name": 1257,
"obs": 1258,
"zero": 1259,
"##nection": 1260,
"##script": 1261,
"##ves": 1262,
"##SS": 1263,
"##install": 1264,
"them": 1265,
"##ream": 1266,
"##ache": 1267,
"##utes": 1268,
"program": 1269,
"console": 1270,
"##cel": 1271,
"##url": 1272,
"##ures": 1273,
"creates": 1274,
"passwords": 1275,
"##fore": 1276,
"share": 1277,
"datab": 1278,
"##ctl": 1279,
"specific": 1280,
"Setting": 1281,
"MacOS": 1282,
"target": 1283,
"##ansom": 1284,
"##tificate": 1285,
"##bitrary": 1286,
"Search": 1287,
"machine": 1288,
"error": 1289,
"endpoint": 1290,
"##rowser": 1291,
"Black": 1292,
"AW": 1293,
"Check": 1294,
"Capture": 1295,
"Off": 1296,
"Priv": 1297,
"Policy": 1298,
"Sys": 1299,
"det": 1300,
"gener": 1301,
"ip": 1302,
"image": 1303,
"main": 1304,
"oper": 1305,
"rest": 1306,
"security": 1307,
"some": 1308,
"ticket": 1309,
"##ber": 1310,
"##boot": 1311,
"##bject": 1312,
"##ong": 1313,
"##lev": 1314,
"exp": 1315,
"##ater": 1316,
"##arted": 1317,
"##tation": 1318,
"##tamp": 1319,
"Exfiltration": 1320,
"credential": 1321,
"screen": 1322,
"base": 1323,
"installation": 1324,
"##tension": 1325,
"Stop": 1326,
"Controller": 1327,
"##ternate": 1328,
"##ight": 1329,
"##igned": 1330,
"##tivity": 1331,
"##tract": 1332,
"Threat": 1333,
"paramet": 1334,
"Requires": 1335,
"Output": 1336,
"seconds": 1337,
"Files": 1338,
"RDP": 1339,
"Chrome": 1340,
"timestamp": 1341,
"embedded": 1342,
"against": 1343,
"AWS": 1344,
"Office": 1345,
"10": 1346,
"Cl": 1347,
"C2": 1348,
"Do": 1349,
"For": 1350,
"IIS": 1351,
"No": 1352,
"RA": 1353,
"Sche": 1354,
"UF": 1355,
"av": 1356,
"ent": 1357,
"##sv": 1358,
"##rst": 1359,
"##uth": 1360,
"##uage": 1361,
"##MD": 1362,
"##LI": 1363,
"explo": 1364,
"first": 1365,
"behavi": 1366,
"reg": 1367,
"sub": 1368,
"detection": 1369,
"disk": 1370,
"Reg": 1371,
"runs": 1372,
"mode": 1373,
"who": 1374,
"where": 1375,
"Attempt": 1376,
"##elp": 1377,
"Chang": 1378,
"##anguage": 1379,
"does": 1380,
"requires": 1381,
"deletes": 1382,
"HISTFILE": 1383,
"lsass": 1384,
"retri": 1385,
"stored": 1386,
"base64": 1387,
"UFW": 1388,
"Hidden": 1389,
"IP": 1390,
"Laun": 1391,
"NET": 1392,
"Over": 1393,
"Port": 1394,
"Persistence": 1395,
"Packet": 1396,
"Script": 1397,
"Task": 1398,
"application": 1399,
"brute": 1400,
"each": 1401,
"found": 1402,
"query": 1403,
"would": 1404,
"zip": 1405,
"##ob": 1406,
"##og": 1407,
"##ner": 1408,
"##cs": 1409,
"##eb": 1410,
"##ring": 1411,
"##dump": 1412,
"##ually": 1413,
"##ync": 1414,
"##ML": 1415,
"##lean": 1416,
"##ndard": 1417,
"executing": 1418,
"threat": 1419,
"profile": 1420,
"ass": 1421,
"logged": 1422,
"Disables": 1423,
"Loot": 1424,
"##ustom": 1425,
"##abil": 1426,
"launches": 1427,
"HTTP": 1428,
"##Process": 1429,
"JScript": 1430,
"services": 1431,
"##imikatz": 1432,
"autom": 1433,
"##ookmarks": 1434,
"LDAP": 1435,
"##ansomware": 1436,
"Find": 1437,
"Pr": 1438,
"Query": 1439,
"block": 1440,
"non": 1441,
"ps": 1442,
"port": 1443,
"source": 1444,
"sensitive": 1445,
"##picious": 1446,
"##ler": 1447,
"##ition": 1448,
"##ive": 1449,
"##net": 1450,
"##cc": 1451,
"##com": 1452,
"##eat": 1453,
"##eam": 1454,
"##exec": 1455,
"##ute": 1456,
"##Util": 1457,
"##OM": 1458,
"##Ex": 1459,
"##gg": 1460,
"##gle": 1461,
"##IN": 1462,
"##TW": 1463,
"##ink": 1464,
"input": 1465,
"##ecur": 1466,
"##ann": 1467,
"##unc": 1468,
"Win32": 1469,
"##its": 1470,
"force": 1471,
"string": 1472,
"sets": 1473,
"adversaries": 1474,
"##oogle": 1475,
"contains": 1476,
"launched": 1477,
"software": 1478,
"attacks": 1479,
"startup": 1480,
"passwd": 1481,
"Encoded": 1482,
"Scan": 1483,
"under": 1484,
"contents": 1485,
"Kerbero": 1486,
"##tected": 1487,
"database": 1488,
"##leanup": 1489,
"GP": 1490,
"Global": 1491,
"Google": 1492,
"History": 1493,
"PS": 1494,
"Sn": 1495,
"With": 1496,
"flag": 1497,
"ms": 1498,
"num": 1499,
"packet": 1500,
"tri": 1501,
"##pass": 1502,
"##li": 1503,
"##ause": 1504,
"##cip": 1505,
"##de": 1506,
"##mod": 1507,
"##wri": 1508,
"##Object": 1509,
"##bo": 1510,
"##box": 1511,
"##jection": 1512,
"##Pack": 1513,
"##Version": 1514,
"##incip": 1515,
"##tend": 1516,
"insta": 1517,
"##ast": 1518,
"been": 1519,
"before": 1520,
"Winlog": 1521,
"##old": 1522,
"##amper": 1523,
"controller": 1524,
"##ilar": 1525,
"bypass": 1526,
"Credential": 1527,
"action": 1528,
"Lock": 1529,
"utilize": 1530,
"remotely": 1531,
"Attack": 1532,
"allow": 1533,
"variables": 1534,
"required": 1535,
"modified": 1536,
"deleted": 1537,
"provided": 1538,
"Auto": 1539,
"Startup": 1540,
"CurrentVersion": 1541,
"Bash": 1542,
"Remove": 1543,
"parameter": 1544,
"exploi": 1545,
"##incipal": 1546,
"Winlogon": 1547,
"AV": 1548,
"By": 1549,
"CMD": 1550,
"He": 1551,
"It": 1552,
"Int": 1553,
"Kernel": 1554,
"LSA": 1555,
"PID": 1556,
"UP": 1557,
"Word": 1558,
"You": 1559,
"box": 1560,
"custom": 1561,
"cleanup": 1562,
"elev": 1563,
"go": 1564,
"how": 1565,
"kn": 1566,
"lis": 1567,
"later": 1568,
"null": 1569,
"pack": 1570,
"part": 1571,
"persis": 1572,
"vul": 1573,
"virtual": 1574,
"##pted": 1575,
"##ial": 1576,
"##harp": 1577,
"##ced": 1578,
"##eve": 1579,
"##fl": 1580,
"##fus": 1581,
"##OR": 1582,
"##hes": 1583,
"##ties": 1584,
"##ecre": 1585,
"extension": 1586,
"##cessfully": 1587,
"##pty": 1588,
"rem": 1589,
"##irm": 1590,
"sucessfully": 1591,
"proper": 1592,
"Excel": 1593,
"##rypted": 1594,
"Users": 1595,
"PowerSharp": 1596,
"Env": 1597,
"Enable": 1598,
"Protocol": 1599,
"cmdlet": 1600,
"downloading": 1601,
"arbitrary": 1602,
"Control": 1603,
"confirm": 1604,
"Modif": 1605,
"Module": 1606,
"added": 1607,
"address": 1608,
"##siexec": 1609,
"prere": 1610,
"empty": 1611,
"dumped": 1612,
"HTML": 1613,
"##ference": 1614,
"utilizing": 1615,
"API": 1616,
"enabled": 1617,
"avail": 1618,
"behavior": 1619,
"Changes": 1620,
"LSASS": 1621,
"UPX": 1622,
"##fusc": 1623,
"PowerSharpPack": 1624,
"Cent": 1625,
"Em": 1626,
"EX": 1627,
"Has": 1628,
"Kub": 1629,
"Method": 1630,
"Su": 1631,
"Tr": 1632,
"View": 1633,
"Web": 1634,
"boot": 1635,
"cache": 1636,
"dif": 1637,
"ei": 1638,
"every": 1639,
"numer": 1640,
"pri": 1641,
"volume": 1642,
"##ever": 1643,
"##rc": 1644,
"##ray": 1645,
"##ution": 1646,
"##ual": 1647,
"##fig": 1648,
"##ym": 1649,
"##UID": 1650,
"##bl": 1651,
"##Pwd": 1652,
"##IT": 1653,
"##AN": 1654,
"##ARE": 1655,
"##RL": 1656,
"##esc": 1657,
"##orts": 1658,
"exfiltration": 1659,
"##ense": 1660,
"##atch": 1661,
"##ance": 1662,
"there": 1663,
"username": 1664,
"##urn": 1665,
"started": 1666,
"Dele": 1667,
"Load": 1668,
"##izing": 1669,
"sear": 1670,
"##udo": 1671,
"##hentic": 1672,
"similar": 1673,
"##ager": 1674,
"##ails": 1675,
"trunc": 1676,
"groups": 1677,
"##tutil": 1678,
"attempts": 1679,
"configure": 1680,
"##ueries": 1681,
"Logging": 1682,
"leg": 1683,
"lever": 1684,
"manually": 1685,
"##ferent": 1686,
"Utilizing": 1687,
"Uninstall": 1688,
"write": 1689,
"T10": 1690,
"Compress": 1691,
"plac": 1692,
"info": 1693,
"Groups": 1694,
"Permission": 1695,
"##Command": 1696,
"appear": 1697,
"changed": 1698,
"Malware": 1699,
"##asquerading": 1700,
"##ernetes": 1701,
"Settings": 1702,
"maintain": 1703,
"entry": 1704,
"Launch": 1705,
"##ability": 1706,
"number": 1707,
"vulner": 1708,
"Kubernetes": 1709,
"different": 1710,
"either": 1711,
"Browser": 1712,
"Cr": 1713,
"CA": 1714,
"CH": 1715,
"Cer": 1716,
"Image": 1717,
"New": 1718,
"On": 1719,
"Ps": 1720,
"Payload": 1721,
"Rundll32": 1722,
"SM": 1723,
"TEM": 1724,
"Team": 1725,
"VM": 1726,
"VBS": 1727,
"capture": 1728,
"desktop": 1729,
"few": 1730,
"feat": 1731,
"im": 1732,
"mail": 1733,
"might": 1734,
"rs": 1735,
"rule": 1736,
"sv": 1737,
"sw": 1738,
"try": 1739,
"##ool": 1740,
"##af": 1741,
"##nti": 1742,
"##nect": 1743,
"##cut": 1744,
"##mun": 1745,
"##mPwd": 1746,
"##DS": 1747,
"##Path": 1748,
"##FTW": 1749,
"##ined": 1750,
"##lly": 1751,
"##ically": 1752,
"##tance": 1753,
"##mate": 1754,
"one": 1755,
"read": 1756,
"reboot": 1757,
"##ations": 1758,
"##plic": 1759,
"##romis": 1760,
"connection": 1761,
"##ild": 1762,
"##vely": 1763,
"##ime": 1764,
"##chost": 1765,
"enumeration": 1766,
"AdmPwd": 1767,
"spool": 1768,
"##ization": 1769,
"Attrib": 1770,
"##ortcut": 1771,
"##sively": 1772,
"attacker": 1773,
"compromis": 1774,
"results": 1775,
"tempor": 1776,
"InstallUtil": 1777,
"##itimate": 1778,
"##ploy": 1779,
"called": 1780,
"provide": 1781,
"NTDS": 1782,
"##erminal": 1783,
"arguments": 1784,
"##eved": 1785,
"SOFTW": 1786,
"driver": 1787,
"Scheduled": 1788,
"##uthor": 1789,
"##ecursively": 1790,
"packets": 1791,
"##tended": 1792,
"Attackers": 1793,
"exploitation": 1794,
"Environment": 1795,
"Successf": 1796,
"configured": 1797,
"legitimate": 1798,
"TEMP": 1799,
"rsync": 1800,
"svchost": 1801,
"SOFTWARE": 1802,
"From": 1803,
"Host": 1804,
"LO": 1805,
"MS": 1806,
"Prompt": 1807,
"Sus": 1808,
"Ticket": 1809,
"Tamper": 1810,
"bit": 1811,
"cr": 1812,
"dit": 1813,
"full": 1814,
"gu": 1815,
"help": 1816,
"ind": 1817,
"imp": 1818,
"just": 1819,
"jour": 1820,
"language": 1821,
"mul": 1822,
"post": 1823,
"queries": 1824,
"ransomware": 1825,
"ste": 1826,
"ssh": 1827,
"tw": 1828,
"tmp": 1829,
"wm": 1830,
"wish": 1831,
"##por": 1832,
"##ling": 1833,
"##os": 1834,
"##ock": 1835,
"##ale": 1836,
"##atic": 1837,
"##nal": 1838,
"##hip": 1839,
"##code": 1840,
"##ep": 1841,
"##sing": 1842,
"##res": 1843,
"##dow": 1844,
"##ken": 1845,
"##fw": 1846,
"##Dump": 1847,
"##brary": 1848,
"##Exec": 1849,
"##IG": 1850,
"##To": 1851,
"##erve": 1852,
"##ines": 1853,
"##inal": 1854,
"##tect": 1855,
"##tim": 1856,
"##llo": 1857,
"example": 1858,
"extract": 1859,
"intended": 1860,
"##ership": 1861,
"##rike": 1862,
"##ulating": 1863,
"proxy": 1864,
"Export": 1865,
"Read": 1866,
"enables": 1867,
"creation": 1868,
"##stabl": 1869,
"stream": 1870,
"Injection": 1871,
"shadow": 1872,
"##ipbo": 1873,
"chmod": 1874,
"utilities": 1875,
"send": 1876,
"scripts": 1877,
"Sharp": 1878,
"functional": 1879,
"lists": 1880,
"##ages": 1881,
"opened": 1882,
"##shark": 1883,
"hash": 1884,
"##aph": 1885,
"class": 1886,
"Logs": 1887,
"device": 1888,
"copying": 1889,
"##duct": 1890,
"obtain": 1891,
"standard": 1892,
"##andler": 1893,
"tools": 1894,
"collection": 1895,
"upd": 1896,
"type": 1897,
"syslog": 1898,
"Editor": 1899,
"discovery": 1900,
"Alternate": 1901,
"escal": 1902,
"ownership": 1903,
"Results": 1904,
"observe": 1905,
"determin": 1906,
"Snake": 1907,
"prereq": 1908,
"journal": 1909,
"multi": 1910,
"##ipboard": 1911,
"Ar": 1912,
"After": 1913,
"Base": 1914,
"Brute": 1915,
"Code": 1916,
"COM": 1917,
"Desktop": 1918,
"Folder": 1919,
"LAP": 1920,
"Masquerading": 1921,
"Oper": 1922,
"Path": 1923,
"Sta": 1924,
"Server": 1925,
"Ub": 1926,
"US": 1927,
"bookmarks": 1928,
"could": 1929,
"curl": 1930,
"establ": 1931,
"long": 1932,
"mcs": 1933,
"pull": 1934,
"ports": 1935,
"red": 1936,
"rundll32": 1937,
"same": 1938,
"take": 1939,
"tshark": 1940,
"upon": 1941,
"ufw": 1942,
"want": 1943,
"##pa": 1944,
"##her": 1945,
"##host": 1946,
"##cp": 1947,
"##ses": 1948,
"##fox": 1949,
"##bod": 1950,
"##ER": 1951,
"##EY": 1952,
"##gine": 1953,
"##In": 1954,
"##NC": 1955,
"##Set": 1956,
"##36": 1957,
"##33": 1958,
"##21": 1959,
"##CP": 1960,
"##CLI": 1961,
"##Bit": 1962,
"##ZE": 1963,
"##ination": 1964,
"##onitor": 1965,
"##text": 1966,
"##orm": 1967,
"##read": 1968,
"exfiltr": 1969,
"##ases": 1970,
"##asion": 1971,
"##tables": 1972,
"##ular": 1973,
"##untu": 1974,
"##irus": 1975,
"form": 1976,
"##look": 1977,
"Exam": 1978,
"##vel": 1979,
"##cket": 1980,
"##otenti": 1981,
"##chi": 1982,
"store": 1983,
"modules": 1984,
"chown": 1985,
"Enumeration": 1986,
"##ized": 1987,
"##olicies": 1988,
"allows": 1989,
"defender": 1990,
"vari": 1991,
"##abling": 1992,
"specify": 1993,
"container": 1994,
"containers": 1995,
"##aging": 1996,
"trick": 1997,
"##void": 1998,
"##jects": 1999,
"##aptures": 2000,
"compile": 2001,
"Login": 2002,
"##SIZE": 2003,
"Macro": 2004,
"##ights": 2005,
"privilege": 2006,
"nobod": 2007,
"Firefox": 2008,
"##ovement": 2009,
"T11": 2010,
"T15": 2011,
"obfusc": 2012,
"NTLM": 2013,
"collect": 2014,
"utilizes": 2015,
"including": 2016,
"##Control": 2017,
"existing": 2018,
"likely": 2019,
"RAT": 2020,
"Regsv": 2021,
"automatic": 2022,
"##gger": 2023,
"Kerberos": 2024,
"LockBit": 2025,
"elevated": 2026,
"going": 2027,
"available": 2028,
"##hentication": 2029,
"CHM": 2030,
"SMB": 2031,
"feature": 2032,
"Successful": 2033,
"Suspicious": 2034,
"determine": 2035,
"multiple": 2036,
"Base64": 2037,
"LAPS": 2038,
"Ubuntu": 2039,
"nobody": 2040,
"Bin": 2041,
"Cmd": 2042,
"Coll": 2043,
"Dark": 2044,
"Ev": 2045,
"Gr": 2046,
"IN": 2047,
"Imp": 2048,
"Memory": 2049,
"Mimikatz": 2050,
"OS": 2051,
"PAM": 2052,
"Root": 2053,
"Recon": 2054,
"Rock": 2055,
"Session": 2056,
"Saf": 2057,
"Up": 2058,
"VI": 2059,
"Virtual": 2060,
"Wer": 2061,
"achi": 2062,
"cor": 2063,
"direct": 2064,
"gain": 2065,
"hi": 2066,
"high": 2067,
"id": 2068,
"linux": 2069,
"last": 2070,
"mark": 2071,
"more": 2072,
"rm": 2073,
"ran": 2074,
"recursively": 2075,
"sample": 2076,
"secre": 2077,
"vbs": 2078,
"wscript": 2079,
"##password": 2080,
"##lter": 2081,
"##oz": 2082,
"##other": 2083,
"##ient": 2084,
"##ays": 2085,
"##aft": 2086,
"##ci": 2087,
"##r32": 2088,
"##dmin": 2089,
"##face": 2090,
"##zip": 2091,
"##gan": 2092,
"##55": 2093,
"##Server": 2094,
"##Re": 2095,
"##27": 2096,
"##CU": 2097,
"##CK": 2098,
"##Time": 2099,
"##Hound": 2100,
"##Fault": 2101,
"##internal": 2102,
"##tead": 2103,
"these": 2104,
"##lets": 2105,
"explorer": 2106,
"external": 2107,
"##ari": 2108,
"##arac": 2109,
"##arts": 2110,
"filter": 2111,
"##ulation": 2112,
"look": 2113,
"rel": 2114,
"##ply": 2115,
"proc": 2116,
"##ily": 2117,
"another": 2118,
"##cker": 2119,
"ens": 2120,
"active": 2121,
"activity": 2122,
"scann": 2123,
"##arent": 2124,
"##puters": 2125,
"Detection": 2126,
"##emb": 2127,
"Proxy": 2128,
"##perties": 2129,
"##tra": 2130,
"Activity": 2131,
"##agement": 2132,
"downloaded": 2133,
"Stream": 2134,
"defined": 2135,
"Config": 2136,
"##uster": 2137,
"well": 2138,
"unl": 2139,
"attackers": 2140,
"HKCU": 2141,
"cluster": 2142,
"print": 2143,
"principal": 2144,
"encrypt": 2145,
"result": 2146,
"level": 2147,
"HTA": 2148,
"Uncom": 2149,
"Compile": 2150,
"Autom": 2151,
"collected": 2152,
"locale": 2153,
"typically": 2154,
"certificate": 2155,
"certutil": 2156,
"servers": 2157,
"works": 2158,
"include": 2159,
"attributes": 2160,
"attribute": 2161,
"Manager": 2162,
"locked": 2163,
"SOCK": 2164,
"##asquerade": 2165,
"document": 2166,
"documents": 2167,
"tickets": 2168,
"Class": 2169,
"Force": 2170,
"Overwri": 2171,
"Hello": 2172,
"known": 2173,
"Emulates": 2174,
"numerous": 2175,
"truncate": 2176,
"PsExec": 2177,
"##plicated": 2178,
"Attributes": 2179,
"temporary": 2180,
"functionality": 2181,
"##ormal": 2182,
"format": 2183,
"Examine": 2184,
"Regsvr32": 2185,
"Rocke": 2186,
"WerFault": 2187,
"##internals": 2188,
"##aracter": 2189,
"scanned": 2190,
"Uncomplicated": 2191,
"AM": 2192,
"AF": 2193,
"Audit": 2194,
"Cron": 2195,
"Dec": 2196,
"Den": 2197,
"Every": 2198,
"Gu": 2199,
"ID": 2200,
"Item": 2201,
"Msiexec": 2202,
"Moz": 2203,
"Rest": 2204,
"Wor": 2205,
"avoid": 2206,
"bp": 2207,
"bec": 2208,
"cat": 2209,
"cap": 2210,
"ds": 2211,
"gr": 2212,
"mimikatz": 2213,
"masquerade": 2214,
"native": 2215,
"pat": 2216,
"pur": 2217,
"pus": 2218,
"rights": 2219,
"sav": 2220,
"sym": 2221,
"ter": 2222,
"tty": 2223,
"tcp": 2224,
"##xity": 2225,
"##ps": 2226,
"##ix": 2227,
"##the": 2228,
"##aem": 2229,
"##ness": 2230,
"##van": 2231,
"##view": 2232,
"##ues": 2233,
"##mu": 2234,
"##ball": 2235,
"##EL": 2236,
"##MAN": 2237,
"##Item": 2238,
"##SR": 2239,
"##Shell": 2240,
"##Tr": 2241,
"##The": 2242,
"##init": 2243,
"##ested": 2244,
"exec": 2245,
"exclud": 2246,
"##ares": 2247,
"##arily": 2248,
"##etch": 2249,
"##ription": 2250,
"##mail": 2251,
"##ulator": 2252,
"##act": 2253,
"##utl": 2254,
"register": 2255,
"##irection": 2256,
"thus": 2257,
"protocol": 2258,
"cons": 2259,
"Extract": 2260,
"##str": 2261,
"logout": 2262,
"##ilent": 2263,
"##soci": 2264,
"##round": 2265,
"choo": 2266,
"Product": 2267,
"Properties": 2268,
"##umerates": 2269,
"installer": 2270,
"shellcode": 2271,
"downloads": 2272,
"arp": 2273,
"##usts": 2274,
"simple": 2275,
"simulate": 2276,
"simply": 2277,
"alternate": 2278,
"openss": 2279,
"adding": 2280,
"Addition": 2281,
"##ternative": 2282,
"trusts": 2283,
"HKEY": 2284,
"clipboard": 2285,
"request": 2286,
"encrypted": 2287,
"Tool": 2288,
"hand": 2289,
"completed": 2290,
"completes": 2291,
"complexity": 2292,
"Lists": 2293,
"object": 2294,
"##tification": 2295,
"schedule": 2296,
"loaded": 2297,
"Keys": 2298,
"decod": 2299,
"decode": 2300,
"##ithub": 2301,
"##aching": 2302,
"location": 2303,
"CurrentControl": 2304,
"Encrypt": 2305,
"Screen": 2306,
"##illa": 2307,
"Basic": 2308,
"Edit": 2309,
"Clears": 2310,
"Simulate": 2311,
"inside": 2312,
"offline": 2313,
"Manip": 2314,
"Malicious": 2315,
"point": 2316,
"production": 2317,
"Append": 2318,
"renamed": 2319,
"exists": 2320,
"details": 2321,
"iptables": 2322,
"retrieve": 2323,
"ps1": 2324,
"EncodedCommand": 2325,
"instance": 2326,
"Internet": 2327,
"listen": 2328,
"packed": 2329,
"persistent": 2330,
"remove": 2331,
"Hash": 2332,
"prior": 2333,
"Deletes": 2334,
"search": 2335,
"placed": 2336,
"Certificate": 2337,
"##munication": 2338,
"compromised": 2339,
"escalation": 2340,
"COMMAN": 2341,
"establish": 2342,
"variations": 2343,
"Binary": 2344,
"VIB": 2345,
"related": 2346,
"AMSI": 2347,
"Mozilla": 2348,
"bpf": 2349,
"purpo": 2350,
"##aemon": 2351,
"openssl": 2352,
"Additionally": 2353,
"CurrentControlSet": 2354,
"COMMAND": 2355,
"Bookmarks": 2356,
"BIT": 2357,
"Can": 2358,
"Cim": 2359,
"Calc": 2360,
"Dll": 2361,
"Gener": 2362,
"Help": 2363,
"Handler": 2364,
"Ide": 2365,
"Li": 2366,
"Mail": 2367,
"Non": 2368,
"Own": 2369,
"PU": 2370,
"Pre": 2371,
"Pop": 2372,
"PAC": 2373,
"Policies": 2374,
"Rec": 2375,
"Serv": 2376,
"SIG": 2377,
"Silent": 2378,
"URL": 2379,
"UNC": 2380,
"Via": 2381,
"bl": 2382,
"bat": 2383,
"copies": 2384,
"don": 2385,
"dest": 2386,
"down": 2387,
"fam": 2388,
"fur": 2389,
"github": 2390,
"he": 2391,
"hal": 2392,
"ima": 2393,
"me": 2394,
"mak": 2395,
"py": 2396,
"ping": 2397,
"potenti": 2398,
"size": 2399,
"##pec": 2400,
"##lic": 2401,
"##off": 2402,
"##ogr": 2403,
"##tten": 2404,
"##ais": 2405,
"##aults": 2406,
"##nam": 2407,
"##nais": 2408,
"##cation": 2409,
"##cts": 2410,
"##ser": 2411,
"##sance": 2412,
"##ric": 2413,
"##rame": 2414,
"##date": 2415,
"##dit": 2416,
"##down": 2417,
"##kit": 2418,
"##ynam": 2419,
"##OL": 2420,
"##bot": 2421,
"##jack": 2422,
"##Ass": 2423,
"##Admin": 2424,
"##Service": 2425,
"##RI": 2426,
"##Run": 2427,
"##CA": 2428,
"##Cmd": 2429,
"##Test": 2430,
"##Gate": 2431,
"##KET": 2432,
"##esfully": 2433,
"theft": 2434,
"thepassword": 2435,
"token": 2436,
"##red": 2437,
"exit": 2438,
"extrac": 2439,
"##atus": 2440,
"##aster": 2441,
"##ries": 2442,
"##main": 2443,
"often": 2444,
"communication": 2445,
"Window": 2446,
"refl": 2447,
"remain": 2448,
"##iration": 2449,
"sus": 2450,
"succ": 2451,
"conn": 2452,
"Example": 2453,
"##stru": 2454,
"bytes": 2455,
"deploy": 2456,
"Reboot": 2457,
"##erved": 2458,
"Creating": 2459,
"stop": 2460,
"show": 2461,
"Executable": 2462,
"##ackup": 2463,
"child": 2464,
"Engine": 2465,
"setup": 2466,
"Provid": 2467,
"Program": 2468,
"techniques": 2469,
"cmdlets": 2470,
"##elf": 2471,
"##elper": 2472,
"power": 2473,
"Show": 2474,
"Contain": 2475,
"Connection": 2476,
"Connect": 2477,
"netsh": 2478,
"##ather": 2479,
"adds": 2480,
"until": 2481,
"socket": 2482,
"trans": 2483,
"##alcon": 2484,
"##shta": 2485,
"##shot": 2486,
"Sets": 2487,
"hashes": 2488,
"Defense": 2489,
"timeout": 2490,
"client": 2491,
"resource": 2492,
"administrator": 2493,
"##istrative": 2494,
"AtomicTest": 2495,
"privileged": 2496,
"Applications": 2497,
"tasks": 2498,
"##tivate": 2499,
"##doc": 2500,
"writes": 2501,
"writing": 2502,
"written": 2503,
"Passwords": 2504,
"commonly": 2505,
"infected": 2506,
"JSON": 2507,
"Searches": 2508,
"machines": 2509,
"Filter": 2510,
"recent": 2511,
"record": 2512,
"Simulates": 2513,
"argument": 2514,
"Perform": 2515,
"Spawn": 2516,
"##nces": 2517,
"instead": 2518,
"##gisterServer": 2519,
"owner": 2520,
"pos": 2521,
"Allow": 2522,
"AppCmd": 2523,
"renames": 2524,
"001": 2525,
"observed": 2526,
"Privile": 2527,
"Sysmon": 2528,
"operation": 2529,
"restarts": 2530,
"screenshot": 2531,
"assemb": 2532,
"HTTPS": 2533,
"blocking": 2534,
"GPO": 2535,
"trigger": 2536,
"instances": 2537,
"##olders": 2538,
"however": 2539,
"Center": 2540,
"leveraging": 2541,
"vulnerable": 2542,
"##porting": 2543,
"updated": 2544,
"USER": 2545,
"Cmdlet": 2546,
"DarkGate": 2547,
"Update": 2548,
"achieved": 2549,
"hives": 2550,
"##ganogr": 2551,
"Overwrite": 2552,
"choosing": 2553,
"Ideally": 2554,
"Owner": 2555,
"PACKET": 2556,
"further": 2557,
"halt": 2558,
"images": 2559,
"##naissance": 2560,
"##ramework": 2561,
"reflect": 2562,
"succesfully": 2563,
"assembly": 2564,
"##ganograph": 2565,
"11": 2566,
"19": 2567,
"24": 2568,
"30": 2569,
"32": 2570,
"64": 2571,
"AT": 2572,
"Blo": 2573,
"Bookmark": 2574,
"Det": 2575,
"Es": 2576,
"Full": 2577,
"Falcon": 2578,
"Language": 2579,
"Mode": 2580,
"MAC": 2581,
"Make": 2582,
"Monitor": 2583,
"Not": 2584,
"Pass": 2585,
"RH": 2586,
"Rub": 2587,
"Ransomware": 2588,
"Se": 2589,
"SAM": 2590,
"Tor": 2591,
"Terminal": 2592,
"UID": 2593,
"Vis": 2594,
"Val": 2595,
"Wri": 2596,
"Will": 2597,
"author": 2598,
"ben": 2599,
"bad": 2600,
"cam": 2601,
"cscript": 2602,
"captures": 2603,
"caching": 2604,
"des": 2605,
"den": 2606,
"dmp": 2607,
"email": 2608,
"fish": 2609,
"gi": 2610,
"min": 2611,
"msiexec": 2612,
"master": 2613,
"names": 2614,
"normal": 2615,
"ori": 2616,
"pod": 2617,
"rc": 2618,
"rout": 2619,
"recon": 2620,
"rand": 2621,
"say": 2622,
"section": 2623,
"signed": 2624,
"tor": 2625,
"turn": 2626,
"terminal": 2627,
"ur": 2628,
"vault": 2629,
"way": 2630,
"##ph": 2631,
"##pg": 2632,
"##pend": 2633,
"##ptance": 2634,
"##ls": 2635,
"##late": 2636,
"##list": 2637,
"##ose": 2638,
"##ite": 2639,
"##ible": 2640,
"##test": 2641,
"##ax": 2642,
"##nn": 2643,
"##ns": 2644,
"##names": 2645,
"##hing": 2646,
"##hold": 2647,
"##ces": 2648,
"##cat": 2649,
"##cDump": 2650,
"##ef": 2651,
"##eus": 2652,
"##ration": 2653,
"##dst": 2654,
"##ven": 2655,
"##ks": 2656,
"##mb": 2657,
"##fo": 2658,
"##fing": 2659,
"##ward": 2660,
"##UI": 2661,
"##Desk": 2662,
"##PN": 2663,
"##PC": 2664,
"##ger": 2665,
"##gress": 2666,
"##12": 2667,
"##50": 2668,
"##40": 2669,
"##No": 2670,
"##AD": 2671,
"##AT": 2672,
"##Sup": 2673,
"##35": 2674,
"##RM": 2675,
"##TE": 2676,
"##HIN": 2677,
"##inter": 2678,
"##tit": 2679,
"##tire": 2680,
"##orma": 2681,
"##orted": 2682,
"##relate": 2683,
"export": 2684,
"##owdst": 2685,
"##ented": 2686,
"injects": 2687,
"##ecure": 2688,
"##asting": 2689,
"##als": 2690,
"##rop": 2691,
"##erson": 2692,
"##anting": 2693,
"comb": 2694,
"computers": 2695,
"WinRM": 2696,
"##utdown": 2697,
"once": 2698,
"repl": 2699,
"##ites": 2700,
"##iting": 2701,
"##itch": 2702,
"thres": 2703,
"subs": 2704,
"##entutl": 2705,
"protection": 2706,
"progress": 2707,
"conce": 2708,
"##ilies": 2709,
"usernames": 2710,
"advan": 2711,
"##otnet": 2712,
"##ceptance": 2713,
"##quis": 2714,
"Report": 2715,
"associ": 2716,
"logoff": 2717,
"entire": 2718,
"acceptance": 2719,
"systemd": 2720,
"systemctl": 2721,
"Input": 2722,
"Inline": 2723,
"##force": 2724,
"Detect": 2725,
"shortcut": 2726,
"chann": 2727,
"Systemd": 2728,
"Enumerates": 2729,
"##usion": 2730,
"Protection": 2731,
"Common": 2732,
"maldoc": 2733,
"powero": 2734,
"Shortcut": 2735,
"defense": 2736,
"functions": 2737,
"timer": 2738,
"various": 2739,
"simulating": 2740,
"listing": 2741,
"##pplied": 2742,
"along": 2743,
"DomainG": 2744,
"Adds": 2745,
"unre": 2746,
"uninstall": 2747,
"uncom": 2748,
"trap": 2749,
"private": 2750,
"ADCom": 2751,
"valid": 2752,
"##ffect": 2753,
"bashrc": 2754,
"##clusion": 2755,
"click": 2756,
"pres": 2757,
"emulate": 2758,
"reset": 2759,
"administrative": 2760,
"##ookies": 2761,
"tarball": 2762,
"Installation": 2763,
"##ignment": 2764,
"overwri": 2765,
"library": 2766,
"complete": 2767,
"completion": 2768,
"callout": 2769,
"methods": 2770,
"itself": 2771,
"Notepad": 2772,
"stage": 2773,
"staging": 2774,
"##AME": 2775,
"interface": 2776,
"locally": 2777,
"Administrators": 2778,
"ESXCLI": 2779,
"Outlook": 2780,
"##imited": 2781,
"2021": 2782,
"builtin": 2783,
"evasion": 2784,
"unde": 2785,
"Alternative": 2786,
"changes": 2787,
"esentutl": 2788,
"##ptions": 2789,
"##lags": 2790,
"produce": 2791,
"products": 2792,
"controls": 2793,
"Private": 2794,
"Sysinternals": 2795,
"generated": 2796,
"RAW": 2797,
"applications": 2798,
"Print": 2799,
"Principal": 2800,
"##Exp": 2801,
"##INT": 2802,
"Kerberoasting": 2803,
"tries": 2804,
"actions": 2805,
"AutoRun": 2806,
"persistance": 2807,
"remo": 2808,
"Modifies": 2809,
"CentOS": 2810,
"EXE": 2811,
"##utions": 2812,
"##atching": 2813,
"Crowdst": 2814,
"VBScript": 2815,
"LOCA": 2816,
"guess": 2817,
"two": 2818,
"wmic": 2819,
"SharpHound": 2820,
"Arbitrary": 2821,
"redirection": 2822,
"##paign": 2823,
"automatically": 2824,
"Safari": 2825,
"Virtualization": 2826,
"looked": 2827,
"Configuration": 2828,
"Everyone": 2829,
"push": 2830,
"saves": 2831,
"tcpdump": 2832,
"decoding": 2833,
"Canary": 2834,
"Mailbox": 2835,
"SIGINT": 2836,
"destination": 2837,
"families": 2838,
"##ynamic": 2839,
"##jacking": 2840,
"suspicious": 2841,
"connected": 2842,
"possi": 2843,
"MACHIN": 2844,
"RHEL": 2845,
"Rubeus": 2846,
"campaign": 2847,
"designed": 2848,
"random": 2849,
"saying": 2850,
"url": 2851,
"##ormally": 2852,
"threshold": 2853,
"channel": 2854,
"poweroff": 2855,
"ADComputer": 2856,
"Crowdstrike": 2857,
"LOCAL": 2858,
"MACHINE": 2859,
"16": 2860,
"127": 2861,
"Author": 2862,
"ASR": 2863,
"Be": 2864,
"Backup": 2865,
"Co": 2866,
"Curl": 2867,
"CLI": 2868,
"ER": 2869,
"GA": 2870,
"Identi": 2871,
"Line": 2872,
"Later": 2873,
"Movement": 2874,
"Mshta": 2875,
"NO": 2876,
"Name": 2877,
"PR": 2878,
"Rules": 2879,
"SU": 2880,
"Sensitive": 2881,
"Sudo": 2882,
"Temp": 2883,
"TCP": 2884,
"Ul": 2885,
"Virus": 2886,
"WD": 2887,
"XLL": 2888,
"affect": 2889,
"brows": 2890,
"browser": 2891,
"batch": 2892,
"ca": 2893,
"cs": 2894,
"cause": 2895,
"dat": 2896,
"dir": 2897,
"driv": 2898,
"dang": 2899,
"fail": 2900,
"framework": 2901,
"gather": 2902,
"hav": 2903,
"job": 2904,
"la": 2905,
"ld": 2906,
"link": 2907,
"mem": 2908,
"mech": 2909,
"make": 2910,
"movement": 2911,
"nl": 2912,
"os": 2913,
"pause": 2914,
"qu": 2915,
"range": 2916,
"sa": 2917,
"sq": 2918,
"sti": 2919,
"sil": 2920,
"te": 2921,
"termin": 2922,
"vic": 2923,
"vss": 2924,
"whe": 2925,
"x64": 2926,
"##pn": 2927,
"##ped": 2928,
"##pro": 2929,
"##pray": 2930,
"##less": 2931,
"##oth": 2932,
"##obs": 2933,
"##ience": 2934,
"##iObject": 2935,
"##iases": 2936,
"##aff": 2937,
"##ne": 2938,
"##capture": 2939,
"##eep": 2940,
"##sa": 2941,
"##side": 2942,
"##rv": 2943,
"##ds": 2944,
"##kes": 2945,
"##ms": 2946,
"##met": 2947,
"##fetch": 2948,
"##when": 2949,
"##User": 2950,
"##Data": 2951,
"##Once": 2952,
"##bin": 2953,
"##bolic": 2954,
"##Method": 2955,
"##Po": 2956,
"##PE": 2957,
"##PR": 2958,
"##Pre": 2959,
"##Password": 2960,
"##ginal": 2961,
"##ground": 2962,
"##19": 2963,
"##Line": 2964,
"##App": 2965,
"##Script": 2966,
"##Spray": 2967,
"##ROR": 2968,
"##TR": 2969,
"##TY": 2970,
"##86": 2971,
"##erous": 2972,
"##hed": 2973,
"##oning": 2974,
"##tify": 2975,
"##ors": 2976,
"##ortable": 2977,
"##isor": 2978,
"##led": 2979,
"##rep": 2980,
"exch": 2981,
"##ower": 2982,
"##entation": 2983,
"intern": 2984,
"##aramet": 2985,
"##oud": 2986,
"##ascript": 2987,
"##tage": 2988,
"##anis": 2989,
"##anted": 2990,
"##rit": 2991,
"##map": 2992,
"report": 2993,
"reference": 2994,
"##veral": 2995,
"##ially": 2996,
"##place": 2997,
"those": 2998,
"tests": 2999,
"##ami": 3000,
"supp": 3001,
"project": 3002,
"Exfiltr": 3003,
"##ryption": 3004,
"##quent": 3005,
"Replace": 3006,
"##ervisor": 3007,
"creating": 3008,
"They": 3009,
"stating": 3010,
"status": 3011,
"Inform": 3012,
"##ider": 3013,
"##idump": 3014,
"Deb": 3015,
"Detected": 3016,
"Deploy": 3017,
"shares": 3018,
"##overy": 3019,
"space": 3020,
"spray": 3021,
"character": 3022,
"##uses": 3023,
"filesystem": 3024,
"##perience": 3025,
"several": 3026,
"Anti": 3027,
"##elnet": 3028,
"installing": 3029,
"CreateProcess": 3030,
"shells": 3031,
"Stub": 3032,
"Strike": 3033,
"##oofing": 3034,
"Modules": 3035,
"alread": 3036,
"opening": 3037,
"addition": 3038,
"unlock": 3039,
"##ypervisor": 3040,
"ADS": 3041,
"values": 3042,
"##files": 3043,
"##ources": 3044,
"SetUID": 3045,
"preload": 3046,
"##earch": 3047,
"##ublic": 3048,
"require": 3049,
"encryption": 3050,
"WMIC": 3051,
"modifies": 3052,
"resources": 3053,
"deletion": 3054,
"Mach": 3055,
"checks": 3056,
"environments": 3057,
"targe": 3058,
"manip": 3059,
"##tivities": 3060,
"Running": 3061,
"RunOnce": 3062,
"viewed": 3063,
"##uild": 3064,
"calls": 3065,
"messages": 3066,
"spawns": 3067,
"paths": 3068,
"Accounts": 3069,
"state": 3070,
"word": 3071,
"loading": 3072,
"Compil": 3073,
"Authentication": 3074,
"Through": 3075,
"HISTSIZE": 3076,
"plist": 3077,
"place": 3078,
"utilized": 3079,
"performs": 3080,
"Request": 3081,
"Adversary": 3082,
"certain": 3083,
"##balt": 3084,
"Edge": 3085,
"authentication": 3086,
"return": 3087,
"backup": 3088,
"backdo": 3089,
"background": 3090,
"Spec": 3091,
"evade": 3092,
"needed": 3093,
"APT": 3094,
"Management": 3095,
"Redline": 3096,
"append": 3097,
"stores": 3098,
"compression": 3099,
"Kerbrute": 3100,
"versions": 3101,
"actors": 3102,
"004": 3103,
"programs": 3104,
"errors": 3105,
"endpointwhen": 3106,
"operating": 3107,
"DoH": 3108,
"Docker": 3109,
"Schedule": 3110,
"entries": 3111,
"HISTFILESIZE": 3112,
"retriev": 3113,
"retrieved": 3114,
"automated": 3115,
"##itsadmin": 3116,
"Scanning": 3117,
"GPP": 3118,
"flags": 3119,
"##lite": 3120,
"know": 3121,
"listed": 3122,
"lateral": 3123,
"properties": 3124,
"Modification": 3125,
"Hashes": 3126,
"Methods": 3127,
"prim": 3128,
"Loadable": 3129,
"sweep": 3130,
"connections": 3131,
"AdmPwdExp": 3132,
"steganograph": 3133,
"Opera": 3134,
"Operation": 3135,
"Standard": 3136,
"Collection": 3137,
"Rootkit": 3138,
"correlate": 3139,
"directly": 3140,
"secrets": 3141,
"##RegisterServer": 3142,
"unlink": 3143,
"Automated": 3144,
"Deny": 3145,
"Guest": 3146,
"because": 3147,
"capability": 3148,
"listening": 3149,
"purposes": 3150,
"BITS": 3151,
"Calculator": 3152,
"Library": 3153,
"Services": 3154,
"blue": 3155,
"##pecially": 3156,
"##irationTime": 3157,
"Provider": 3158,
"Details": 3159,
"Visual": 3160,
"Value": 3161,
"original": 3162,
"routing": 3163,
"##ATA": 3164,
"advantage": 3165,
"##quisites": 3166,
"associated": 3167,
"present": 3168,
"overwrites": 3169,
"undetected": 3170,
"Cobalt": 3171,
"ERROR": 3172,
"Lateral": 3173,
"Ultra": 3174,
"drives": 3175,
"dangerous": 3176,
"having": 3177,
"mechanis": 3178,
"nltest": 3179,
"sqlite": 3180,
"silver": 3181,
"victim": 3182,
"vssadmin": 3183,
"whether": 3184,
"exchange": 3185,
"internet": 3186,
"Informed": 3187,
"StubPath": 3188,
"already": 3189,
"AdmPwdExpirationTime": 3190,
"steganography": 3191,
"0x": 3192,
"7z": 3193,
"Am": 3194,
"BP": 3195,
"BA": 3196,
"Bind": 3197,
"CP": 3198,
"CT": 3199,
"Call": 3200,
"Core": 3201,
"Captures": 3202,
"DD": 3203,
"DC": 3204,
"Dri": 3205,
"Dynamic": 3206,
"Er": 3207,
"Elev": 3208,
"ETW": 3209,
"Folders": 3210,
"Fax": 3211,
"Go": 3212,
"Gn": 3213,
"Gate": 3214,
"GCP": 3215,
"Hi": 3216,
"IS": 3217,
"IT": 3218,
"Jav": 3219,
"Job": 3220,
"Le": 3221,
"Mp": 3222,
"Min": 3223,
"Men": 3224,
"NS": 3225,
"Normally": 3226,
"OST": 3227,
"Once": 3228,
"OLE": 3229,
"Pl": 3230,
"PF": 3231,
"Persis": 3232,
"Parent": 3233,
"Portable": 3234,
"QUI": 3235,
"Ret": 3236,
"Role": 3237,
"RSA": 3238,
"S3": 3239,
"She": 3240,
"Ste": 3241,
"Sup": 3242,
"Secre": 3243,
"SPN": 3244,
"TR": 3245,
"TG": 3246,
"Tim": 3247,
"UD": 3248,
"URI": 3249,
"Version": 3250,
"VSS": 3251,
"Wh": 3252,
"Wm": 3253,
"W32": 3254,
"Wires": 3255,
"Wev": 3256,
"XS": 3257,
"able": 3258,
"auth": 3259,
"bre": 3260,
"bet": 3261,
"both": 3262,
"cri": 3263,
"clo": 3264,
"cake": 3265,
"dist": 3266,
"dial": 3267,
"fa": 3268,
"fut": 3269,
"final": 3270,
"gpg": 3271,
"grep": 3272,
"hta": 3273,
"hint": 3274,
"hive": 3275,
"ig": 3276,
"ide": 3277,
"kit": 3278,
"kill": 3279,
"kerb": 3280,
"low": 3281,
"len": 3282,
"monitor": 3283,
"next": 3284,
"nix": 3285,
"occ": 3286,
"pf": 3287,
"pam": 3288,
"pop": 3289,
"pse": 3290,
"python": 3291,
"parent": 3292,
"rol": 3293,
"sft": 3294,
"sign": 3295,
"secure": 3296,
"tamper": 3297,
"telnet": 3298,
"vm": 3299,
"vis": 3300,
"ws": 3301,
"were": 3302,
"xls": 3303,
"##pol": 3304,
"##pwn": 3305,
"##pwd": 3306,
"##lper": 3307,
"##oc": 3308,
"##of": 3309,
"##oice": 3310,
"##ium": 3311,
"##task": 3312,
"##aible": 3313,
"##not": 3314,
"##hark": 3315,
"##con": 3316,
"##call": 3317,
"##cmd": 3318,
"##cription": 3319,
"##ee": 3320,
"##eper": 3321,
"##ehavi": 3322,
"##equent": 3323,
"##sed": 3324,
"##sent": 3325,
"##sel": 3326,
"##slook": 3327,
"##rect": 3328,
"##dd": 3329,
"##v4": 3330,
"##ving": 3331,
"##ved": 3332,
"##kfl": 3333,
"##uP": 3334,
"##util": 3335,
"##uff": 3336,
"##find": 3337,
"##we": 3338,
"##wind": 3339,
"##yer": 3340,
"##ykatz": 3341,
"##US": 3342,
"##DLL": 3343,
"##DATA": 3344,
"##OFILE": 3345,
"##ORE": 3346,
"##bang": 3347,
"##ME": 3348,
"##PT": 3349,
"##Policy": 3350,
"##Prompt": 3351,
"##Power": 3352,
"##Paramet": 3353,
"##PDATA": 3354,
"##gin": 3355,
"##gal": 3356,
"##gth": 3357,
"##gent": 3358,
"##grity": 3359,
"##10": 3360,
"##59": 3361,
"##44": 3362,
"##65": 3363,
"##600": 3364,
"##LP": 3365,
"##LY": 3366,
"##Log": 3367,
"##ND": 3368,
"##NK": 3369,
"##NAME": 3370,
"##NORE": 3371,
"##At": 3372,
"##SQ": 3373,
"##39": 3374,
"##38": 3375,
"##Recon": 3376,
"##22": 3377,
"##Cat": 3378,
"##Cache": 3379,
"##Tun": 3380,
"##GID": 3381,
"##76": 3382,
"##Behavi": 3383,
"##Handler": 3384,
"##HPower": 3385,
"##Job": 3386,
"##inder": 3387,
"##ints": 3388,
"##information": 3389,
"##helper": 3390,
"##once": 3391,
"##tegrity": 3392,
"##tice": 3393,
"##ective": 3394,
"##oring": 3395,
"##ories": 3396,
"##orAdmin": 3397,
"##lease": 3398,
"toc": 3399,
"##omp": 3400,
"##omps": 3401,
"##rend": 3402,
"excel": 3403,
"inc": 3404,
"invo": 3405,
"intent": 3406,
"invoke": 3407,
"injection": 3408,
"usage": 3409,
"##arge": 3410,
"##ouble": 3411,
"##alaible": 3412,
"##royer": 3413,
"##ansi": 3414,
"##odhelper": 3415,
"##uler": 3416,
"##ulated": 3417,
"##estomp": 3418,
"##acy": 3419,
"##acing": 3420,
"##activate": 3421,
"##aconing": 3422,
"##uts": 3423,
"real": 3424,
"##olden": 3425,
"##plays": 3426,
"##ponse": 3427,
"proce": 3428,
"proof": 3429,
"conta": 3430,
"controll": 3431,
"context": 3432,
"constru": 3433,
"External": 3434,
"Extension": 3435,
"Experience": 3436,
"##stat": 3437,
"anti": 3438,
"userinit": 3439,
"##ectl": 3440,
"adfind": 3441,
"detected": 3442,
"detect": 3443,
"disc": 3444,
"displays": 3445,
"Register": 3446,
"runonce": 3447,
"PowerCLI": 3448,
"##chive": 3449,
"Display": 3450,
"activities": 3451,
"##state": 3452,
"scp": 3453,
"scan": 3454,
"scans": 3455,
"Information": 3456,
"Inbox": 3457,
"Info": 3458,
"InTun": 3459,
"##iled": 3460,
"##forced": 3461,
"Dev": 3462,
"shred": 3463,
"shuts": 3464,
"domaininformation": 3465,
"cannot": 3466,
"##itySup": 3467,
"##keeper": 3468,
"choice": 3469,
"System32": 3470,
"Enabling": 3471,
"ProcDump": 3472,
"Commun": 3473,
"##trokes": 3474,
"##plem": 3475,
"macro": 3476,
"Shutdown": 3477,
"##check": 3478,
"Stuff": 3479,
"Stomps": 3480,
"Child": 3481,
"Character": 3482,
"Consent": 3483,
"##bserver": 3484,
"netstat": 3485,
"docker": 3486,
"hosts": 3487,
"hostname": 3488,
"##agic": 3489,
"alter": 3490,
"aliases": 3491,
"win32": 3492,
"window": 3493,
"DomainCon": 3494,
"DomainUser": 3495,
"opens": 3496,
"##pping": 3497,
"outputting": 3498,
"keylog": 3499,
"transi": 3500,
"##ctor": 3501,
"##cture": 3502,
"privesc": 3503,
"##monly": 3504,
"##arding": 3505,
"SetGID": 3506,
"##rupt": 3507,
"prefetch": 3508,
"Default": 3509,
"CommandProcess": 3510,
"WMIObject": 3511,
"##eros": 3512,
"##ributions": 3513,
"followed": 3514,
"Userinit": 3515,
"abuse": 3516,
"checking": 3517,
"tasklist": 3518,
"many": 3519,
"manage": 3520,
"management": 3521,
"notification": 3522,
"##pload": 3523,
"viewer": 3524,
"lie": 3525,
"sessions": 3526,
"##Viewer": 3527,
"provides": 3528,
"payloads": 3529,
"##ticular": 3530,
"disabled": 3531,
"interest": 3532,
"interested": 3533,
"interrupt": 3534,
"decoded": 3535,
"decrypt": 3536,
"HISTIG": 3537,
"build": 3538,
"particular": 3539,
"passed": 3540,
"located": 3541,
"Testing": 3542,
"##Provid": 3543,
"events": 3544,
"sysadmin": 3545,
"syscall": 3546,
"##akes": 3547,
"##query": 3548,
"Simulating": 3549,
"auditd": 3550,
"includes": 3551,
"RDON": 3552,
"Spoofing": 3553,
"even": 3554,
"gets": 3555,
"Remo": 3556,
"RemCom": 3557,
"Chromium": 3558,
"APPDATA": 3559,
"##Connect": 3560,
"changing": 3561,
"Events": 3562,
"Opens": 3563,
"Opened": 3564,
"loginwind": 3565,
"compressed": 3566,
"Response": 3567,
"crond": 3568,
"cronta": 3569,
"drive": 3570,
"drivers": 3571,
"shared": 3572,
"databases": 3573,
"BlackCat": 3574,
"Privacy": 3575,
"general": 3576,
"generate": 3577,
"expected": 3578,
"expired": 3579,
"parameters": 3580,
"Notify": 3581,
"avalaible": 3582,
"behaviour": 3583,
"regarding": 3584,
"whoami": 3585,
"Changing": 3586,
"doesn": 3587,
"Launches": 3588,
"Tasks": 3589,
"bruteforce": 3590,
"assigned": 3591,
"##abilities": 3592,
"blocked": 3593,
"##OMPT": 3594,
"PS1": 3595,
"Without": 3596,
"##lib": 3597,
"allowing": 3598,
"Inter": 3599,
"package": 3600,
"extensions": 3601,
"confirming": 3602,
"addresses": 3603,
"availability": 3604,
"EXIT": 3605,
"Trap": 3606,
"Viewer": 3607,
"numeric": 3608,
"##escription": 3609,
"startedThe": 3610,
"Loads": 3611,
"truncates": 3612,
"Compressing": 3613,
"Compressed": 3614,
"places": 3615,
"##CommandLine": 3616,
"vulnerability": 3617,
"ImagePath": 3618,
"VMs": 3619,
"immu": 3620,
"implem": 3621,
"spoolsv": 3622,
"compromise": 3623,
"craft": 3624,
"imperson": 3625,
"steal": 3626,
"twice": 3627,
"##ported": 3628,
"##time": 3629,
"Reader": 3630,
"sending": 3631,
"##365": 3632,
"exfiltrate": 3633,
"T1119": 3634,
"T154": 3635,
"obfuscation": 3636,
"Collect": 3637,
"Evasion": 3638,
"Graph": 3639,
"INET": 3640,
"Import": 3641,
"Reconnaissance": 3642,
"highly": 3643,
"marks": 3644,
"secret": 3645,
"Classes": 3646,
"CronJob": 3647,
"Decode": 3648,
"Decrypt": 3649,
"Items": 3650,
"Workfl": 3651,
"patches": 3652,
"symbolic": 3653,
"territ": 3654,
"##ShellCommandLine": 3655,
"##Trust": 3656,
"ScreenConnect": 3657,
"Manipulate": 3658,
"Manipulation": 3659,
"searching": 3660,
"bpfN": 3661,
"DllRegisterServer": 3662,
"General": 3663,
"PUA": 3664,
"making": 3665,
"potential": 3666,
"##Assignment": 3667,
"deployment": 3668,
"Programs": 3669,
"Container": 3670,
"transfer": 3671,
"Privileged": 3672,
"USERPR": 3673,
"ATHPower": 3674,
"Blood": 3675,
"Write": 3676,
"given": 3677,
"vaultcmd": 3678,
"##Notice": 3679,
"combination": 3680,
"subscription": 3681,
"concept": 3682,
"DomainGroup": 3683,
"unregister": 3684,
"uncommonly": 3685,
"possible": 3686,
"PROMPT": 3687,
"browsers": 3688,
"save": 3689,
"##Preference": 3690,
"Exfiltrate": 3691,
"additional": 3692,
"Machine": 3693,
"Compiler": 3694,
"backdoor": 3695,
"primarily": 3696,
"mechanism": 3697,
"BPF": 3698,
"BASH": 3699,
"CTRL": 3700,
"Driver": 3701,
"Error": 3702,
"GnuP": 3703,
"Gatekeeper": 3704,
"Hijacking": 3705,
"ISO": 3706,
"ITS": 3707,
"Legal": 3708,
"MpPreference": 3709,
"Menu": 3710,
"NSudo": 3711,
"Persistent": 3712,
"QUIC": 3713,
"Retri": 3714,
"RSAT": 3715,
"Shebang": 3716,
"TRAP": 3717,
"UDP": 3718,
"W32Time": 3719,
"Wireshark": 3720,
"XSL": 3721,
"break": 3722,
"distributions": 3723,
"dialog": 3724,
"failed": 3725,
"future": 3726,
"ign": 3727,
"idea": 3728,
"kerberos": 3729,
"length": 3730,
"psexec": 3731,
"roles": 3732,
"sftp": 3733,
"visudo": 3734,
"##selves": 3735,
"##slookup": 3736,
"##PromptBehavi": 3737,
"##Parameter": 3738,
"##SQL": 3739,
"##ectively": 3740,
"proceed": 3741,
"constructor": 3742,
"InTune": 3743,
"##itySupported": 3744,
"CommunitySupported": 3745,
"Stuffing": 3746,
"ChildItem": 3747,
"ConsentPromptBehavi": 3748,
"DomainController": 3749,
"keylogger": 3750,
"transient": 3751,
"CommandProcessor": 3752,
"HISTIGNORE": 3753,
"sysadminctl": 3754,
"RDONLY": 3755,
"loginwindow": 3756,
"immutable": 3757,
"Workflow": 3758,
"territory": 3759,
"##ShellCommandLineParameter": 3760,
"USERPROFILE": 3761,
"ATHPowerShellCommandLineParameter": 3762,
"GnuPG": 3763,
"LegalNotice": 3764,
"ConsentPromptBehaviorAdmin": 3765,
"01": 3766,
"365": 3767,
"As": 3768,
"AN": 3769,
"AR": 3770,
"ATP": 3771,
"But": 3772,
"CM": 3773,
"Cat": 3774,
"Custom": 3775,
"Cookies": 3776,
"DS": 3777,
"Dest": 3778,
"Dir": 3779,
"DIS": 3780,
"Daemon": 3781,
"Description": 3782,
"Ep": 3783,
"ED": 3784,
"Fon": 3785,
"FILE": 3786,
"Flags": 3787,
"Gs": 3788,
"HV": 3789,
"How": 3790,
"Hook": 3791,
"Hide": 3792,
"Helper": 3793,
"Hypervisor": 3794,
"Is": 3795,
"IO": 3796,
"IE": 3797,
"IF": 3798,
"Ind": 3799,
"IAM": 3800,
"Link": 3801,
"LAN": 3802,
"LNK": 3803,
"Mc": 3804,
"Mess": 3805,
"Map": 3806,
"Names": 3807,
"Normal": 3808,
"Or": 3809,
"Oly": 3810,
"Object": 3811,
"Options": 3812,
"Pu": 3813,
"PD": 3814,
"PP": 3815,
"PC": 3816,
"PSI": 3817,
"PRE": 3818,
"Potenti": 3819,
"Please": 3820,
"Qu": 3821,
"Qak": 3822,
"Ry": 3823,
"Ren": 3824,
"Rust": 3825,
"Recursively": 3826,
"RPC": 3827,
"Spo": 3828,
"Side": 3829,
"Signed": 3830,
"Stit": 3831,
"Tar": 3832,
"Take": 3833,
"Time": 3834,
"WLL": 3835,
"XL": 3836,
"XML": 3837,
"ap": 3838,
"around": 3839,
"applied": 3840,
"bu": 3841,
"best": 3842,
"bookmark": 3843,
"bitsadmin": 3844,
"cc": 3845,
"c2": 3846,
"cpl": 3847,
"case": 3848,
"dd": 3849,
"du": 3850,
"due": 3851,
"dub": 3852,
"done": 3853,
"daemon": 3854,
"drop": 3855,
"dotnet": 3856,
"ever": 3857,
"eff": 3858,
"fru": 3859,
"global": 3860,
"gzip": 3861,
"home": 3862,
"hide": 3863,
"item": 3864,
"kr": 3865,
"ln": 3866,
"lat": 3867,
"mis": 3868,
"met": 3869,
"micro": 3870,
"microsoft": 3871,
"mav": 3872,
"masquerading": 3873,
"matching": 3874,
"nt": 3875,
"nc": 3876,
"node": 3877,
"none": 3878,
"nslookup": 3879,
"options": 3880,
"pers": 3881,
"pem": 3882,
"page": 3883,
"poll": 3884,
"policies": 3885,
"public": 3886,
"sch": 3887,
"src": 3888,
"tit": 3889,
"tail": 3890,
"team": 3891,
"upload": 3892,
"vpn": 3893,
"wb": 3894,
"won": 3895,
"xm": 3896,
"x86": 3897,
"year": 3898,
"##xplorer": 3899,
"##pr": 3900,
"##link": 3901,
"##lanting": 3902,
"##lbin": 3903,
"##ier": 3904,
"##ian": 3905,
"##iod": 3906,
"##ivid": 3907,
"##tle": 3908,
"##tinu": 3909,
"##tart": 3910,
"##aution": 3911,
"##aScript": 3912,
"##apping": 3913,
"##np": 3914,
"##nted": 3915,
"##cle": 3916,
"##case": 3917,
"##cument": 3918,
"##cache": 3919,
"##ex": 3920,
"##eed": 3921,
"##eIn": 3922,
"##sF": 3923,
"##son": 3924,
"##set": 3925,
"##rar": 3926,
"##ras": 3927,
"##df": 3928,
"##domain": 3929,
"##ua": 3930,
"##uk": 3931,
"##uf": 3932,
"##ug": 3933,
"##uid": 3934,
"##ucture": 3935,
"##my": 3936,
"##man": 3937,
"##ful": 3938,
"##with": 3939,
"##wanted": 3940,
"##yDesk": 3941,
"##ycle": 3942,
"##Up": 3943,
"##UH": 3944,
"##De": 3945,
"##DO": 3946,
"##DB": 3947,
"##Dut": 3948,
"##Def": 3949,
"##OAD": 3950,
"##bt": 3951,
"##bil": 3952,
"##base": 3953,
"##book": 3954,
"##jected": 3955,
"##En": 3956,
"##ES": 3957,
"##Edit": 3958,
"##MP": 3959,
"##Mod": 3960,
"##MeIn": 3961,
"##Pr": 3962,
"##Pass": 3963,
"##P36": 3964,
"##Planting": 3965,
"##gation": 3966,
"##56": 3967,
"##58": 3968,
"##4f": 3969,
"##Int": 3970,
"##Lo": 3971,
"##LD": 3972,
"##LS": 3973,
"##List": 3974,
"##LOAD": 3975,
"##AS": 3976,
"##ARI": 3977,
"##Sh": 3978,
"##Search": 3979,
"##Start": 3980,
"##Rule": 3981,
"##28": 3982,
"##CI": 3983,
"##CC": 3984,
"##Cer": 3985,
"##CON": 3986,
"##CMD": 3987,
"##This": 3988,
"##Task": 3989,
"##Text": 3990,
"##TTY": 3991,
"##Gop": 3992,
"##Global": 3993,
"##70": 3994,
"##With": 3995,
"##Box": 3996,
"##Browser": 3997,
"##Helper": 3998,
"##FS": 3999,
"##VNC": 4000,
"##XCer": 4001,
"##ert": 4002,
"##inject": 4003,
"##eshell": 4004,
"##onym": 4005,
"##ectiv": 4006,
"##ecdump": 4007,
"##ise": 4008,
"##ished": 4009,
"##lemet": 4010,
"top": 4011,
"##rease": 4012,
"exection": 4013,
"exclusion": 4014,
"##eder": 4015,
"##edit": 4016,
"##enari": 4017,
"int": 4018,
"inv": 4019,
"inac": 4020,
"internal": 4021,
"instru": 4022,
"injected": 4023,
"##arting": 4024,
"##ough": 4025,
"##ounted": 4026,
"##alog": 4027,
"##etCache": 4028,
"executor": 4029,
"##rol": 4030,
"##rok": 4031,
"##ross": 4032,
"##take": 4033,
"##mall": 4034,
"##hish": 4035,
"##hishing": 4036,
"##unks": 4037,
"comadmin": 4038,
"fileand": 4039,
"##adows": 4040,
"##action": 4041,
"loop": 4042,
"lots": 4043,
"lolbin": 4044,
"ons": 4045,
"onion": 4046,
"rever": 4047,
"reading": 4048,
"review": 4049,
"exeUpon": 4050,
"##olog": 4051,
"##olution": 4052,
"##ird": 4053,
"##ayer": 4054,
"forest": 4055,
"testing": 4056,
"##umentation": 4057,
"##aming": 4058,
"success": 4059,
"supplied": 4060,
"conduct": 4061,
"##aintext": 4062,
"Exp": 4063,
"Exit": 4064,
"Extrac": 4065,
"Exclusion": 4066,
"##ific": 4067,
"##ified": 4068,
"antiv": 4069,
"##velo": 4070,
"Powers": 4071,
"byte": 4072,
"depend": 4073,
"develo": 4074,
"##quence": 4075,
"disables": 4076,
"Regist": 4077,
"Reporting": 4078,
"##urer": 4079,
"PowerPo": 4080,
"PowerUp": 4081,
"##ching": 4082,
"engine": 4083,
"enabling": 4084,
"enough": 4085,
"Creation": 4086,
"across": 4087,
"Then": 4088,
"system32": 4089,
"##station": 4090,
"##ope": 4091,
"Usage": 4092,
"password12": 4093,
"Inject": 4094,
"Integrity": 4095,
"shrc": 4096,
"domains": 4097,
"Executing": 4098,
"Loading": 4099,
"##ctions": 4100,
"##keep": 4101,
"##ement": 4102,
"##ipher": 4103,
"setuid": 4104,
"##used": 4105,
"##usual": 4106,
"##nique": 4107,
"Computer": 4108,
"Computers": 4109,
"sel": 4110,
"sequence": 4111,
"Atta": 4112,
"##tructure": 4113,
"outside": 4114,
"AnyDesk": 4115,
"##omicsF": 4116,
"poweshell": 4117,
"Shares": 4118,
"kext": 4119,
"Stor": 4120,
"Console": 4121,
"Conrol": 4122,
"GetObject": 4123,
"weak": 4124,
"webserver": 4125,
"##agne": 4126,
"period": 4127,
"winpwn": 4128,
"DomainPassword": 4129,
"accessing": 4130,
"accessed": 4131,
"##ailable": 4132,
"##mpic": 4133,
"unat": 4134,
"unit": 4135,
"unload": 4136,
"unset": 4137,
"##STP": 4138,
"traff": 4139,
"##arded": 4140,
"##ardware": 4141,
"##ardDut": 4142,
"Setup": 4143,
"emulates": 4144,
"follows": 4145,
"LogMeIn": 4146,
"currently": 4147,
"deleting": 4148,
"RemotePC": 4149,
"calculator": 4150,
"Macos": 4151,
"dumps": 4152,
"dumping": 4153,
"##grade": 4154,
"AtomicService": 4155,
"Database": 4156,
"Token": 4157,
"taskhost": 4158,
"very": 4159,
"Netsh": 4160,
"manager": 4161,
"##feren": 4162,
"Processes": 4163,
"Runs": 4164,
"Utility": 4165,
"##ansfer": 4166,
"Unwanted": 4167,
"Unusual": 4168,
"lib": 4169,
"ListPlanting": 4170,
"calling": 4171,
"provider": 4172,
"sched": 4173,
"verifyctl": 4174,
"launching": 4175,
"NTFS": 4176,
"piping": 4177,
"interact": 4178,
"There": 4179,
"decrypted": 4180,
"HISTCON": 4181,
"plaintext": 4182,
"parts": 4183,
"passes": 4184,
"types": 4185,
"infras": 4186,
"Required": 4187,
"Encrypted": 4188,
"sysinternals": 4189,
"##torage": 4190,
"##cheduler": 4191,
"workstation": 4192,
"Based": 4193,
"authentic": 4194,
"rece": 4195,
"recovery": 4196,
"##ensive": 4197,
"prevents": 4198,
"2022": 4199,
"auditpol": 4200,
"ers": 4201,
"Space": 4202,
"Spray": 4203,
"evil": 4204,
"evading": 4205,
"finds": 4206,
"office": 4207,
"Also": 4208,
"locking": 4209,
"EventLog": 4210,
"pointer": 4211,
"embedding": 4212,
"AppData": 4213,
"Resource": 4214,
"##0000": 4215,
"keystrokes": 4216,
"005": 4217,
"clears": 4218,
"cleartext": 4219,
"themselves": 4220,
"generally": 4221,
"operator": 4222,
"operations": 4223,
"restore": 4224,
"restarted": 4225,
"exports": 4226,
"Stops": 4227,
"timestamps": 4228,
"Clipboard": 4229,
"Cloud": 4230,
"Document": 4231,
"Notification": 4232,
"##svcs": 4233,
"regular": 4234,
"Attempts": 4235,
"Attempting": 4236,
"IPv4": 4237,
"querying": 4238,
"blocks": 4239,
"##Execu": 4240,
"##ecurse": 4241,
"strings": 4242,
"undertake": 4243,
"exploited": 4244,
"Head": 4245,
"elevation": 4246,
"properly": 4247,
"confirms": 4248,
"Modified": 4249,
"prerequisites": 4250,
"Embedd": 4251,
"Transfer": 4252,
"WebGlobal": 4253,
"WebBrowser": 4254,
"searched": 4255,
"leverages": 4256,
"T1027": 4257,
"T1059": 4258,
"appearance": 4259,
"Craft": 4260,
"Only": 4261,
"Payloads": 4262,
"mailbox": 4263,
"swap": 4264,
"switch": 4265,
"spooler": 4266,
"temporarily": 4267,
"MSP36": 4268,
"cras": 4269,
"crack": 4270,
"guest": 4271,
"individ": 4272,
"index": 4273,
"import": 4274,
"wmiObject": 4275,
"##ToAss": 4276,
"##ToAt": 4277,
"sends": 4278,
"obtained": 4279,
"update": 4280,
"AlternateShell": 4281,
"PathToAt": 4282,
"Stage": 4283,
"redirect": 4284,
"exfiltrated": 4285,
"exfiltrating": 4286,
"compiled": 4287,
"obfuscate": 4288,
"obfuscated": 4289,
"Evade": 4290,
"INetCache": 4291,
"SessionGop": 4292,
"directories": 4293,
"marker": 4294,
"##5535": 4295,
"ensures": 4296,
"Automation": 4297,
"Denied": 4298,
"GuardDut": 4299,
"Restart": 4300,
"Restore": 4301,
"World": 4302,
"become": 4303,
"dscl": 4304,
"dsquery": 4305,
"grant": 4306,
"patched": 4307,
"##viewer": 4308,
"##Trail": 4309,
"exclude": 4310,
"excluded": 4311,
"##acturer": 4312,
"consider": 4313,
"##strumentation": 4314,
"handled": 4315,
"Screencapture": 4316,
"VIBs": 4317,
"purpose": 4318,
"CimMethod": 4319,
"Generic": 4320,
"means": 4321,
"makes": 4322,
"potentially": 4323,
"extraction": 4324,
"powerSQL": 4325,
"Connections": 4326,
"192": 4327,
"1970": 4328,
"Especially": 4329,
"Seen": 4330,
"authors": 4331,
"authorized": 4332,
"benign": 4333,
"denied": 4334,
"denial": 4335,
"minidump": 4336,
"reconnaissance": 4337,
"##phone": 4338,
"##wards": 4339,
"guesses": 4340,
"guessing": 4341,
"urlcache": 4342,
"168": 4343,
"Identif": 4344,
"NOTE": 4345,
"SUDO": 4346,
"TCPdump": 4347,
"causes": 4348,
"osascript": 4349,
"still": 4350,
"telemet": 4351,
"##TROL": 4352,
"supported": 4353,
"Debian": 4354,
"targeted": 4355,
"bluekeep": 4356,
"UltraVNC": 4357,
"Ammy": 4358,
"Elevation": 4359,
"GoToAss": 4360,
"JavaScript": 4361,
"PFXCer": 4362,
"Support": 4363,
"Secrets": 4364,
"SPNs": 4365,
"TGT": 4366,
"Timestomp": 4367,
"occur": 4368,
"pfx": 4369,
"tampering": 4370,
"##tasks": 4371,
"##config": 4372,
"tocopy": 4373,
"contact": 4374,
"controllers": 4375,
"discarded": 4376,
"scanning": 4377,
"Removes": 4378,
"Interface": 4379,
"implemented": 4380,
"impersonating": 4381,
"BloodHound": 4382,
"ignore": 4383,
"CMSTP": 4384,
"Destroyer": 4385,
"DISM": 4386,
"Epxplorer": 4387,
"EDR": 4388,
"Fonts": 4389,
"FILENAME": 4390,
"Gsecdump": 4391,
"HVCI": 4392,
"However": 4393,
"Indirect": 4394,
"LANG": 4395,
"McA": 4396,
"Olympic": 4397,
"PuTTY": 4398,
"PDQ": 4399,
"PCAP": 4400,
"PSImage": 4401,
"PRELOAD": 4402,
"Potentially": 4403,
"Qakbot": 4404,
"Ryuk": 4405,
"RustDesk": 4406,
"Spool": 4407,
"Stitch": 4408,
"XLAM": 4409,
"bucket": 4410,
"bestarted": 4411,
"dupl": 4412,
"dubbed": 4413,
"latest": 4414,
"microphone": 4415,
"mavinject": 4416,
"ntds": 4417,
"pollute": 4418,
"schtasks": 4419,
"tailor": 4420,
"wbadmin": 4421,
"xml": 4422,
"##ufacturer": 4423,
"##Module": 4424,
"##PassView": 4425,
"##Startup": 4426,
"##onymous": 4427,
"##enarios": 4428,
"instructions": 4429,
"##adowstorage": 4430,
"Extracting": 4431,
"antivirus": 4432,
"Registration": 4433,
"PowerPoint": 4434,
"password123": 4435,
"##ipheral": 4436,
"##omicsFolder": 4437,
"DomainPasswordSpray": 4438,
"traffic": 4439,
"taskhostw": 4440,
"HISTCONTROL": 4441,
"infrastructure": 4442,
"WebGlobalModule": 4443,
"WebBrowserPassView": 4444,
"Crafting": 4445,
"MSP360": 4446,
"individual": 4447,
"AlternateShellStartup": 4448,
"PathToAtomicsFolder": 4449,
"SessionGopher": 4450,
"GuardDuty": 4451,
"telemetry": 4452,
"Ammyy": 4453,
"GoToAssist": 4454,
"PFXCertificate": 4455,
"04": 4456,
"18": 4457,
"31": 4458,
"300": 4459,
"339": 4460,
"46": 4461,
"40": 4462,
"444": 4463,
"476": 4464,
"500": 4465,
"600": 4466,
"7zip": 4467,
"80": 4468,
"821": 4469,
"90": 4470,
"9600": 4471,
"Ap": 4472,
"Aw": 4473,
"Ab": 4474,
"AL": 4475,
"Action": 4476,
"Avo": 4477,
"Ass": 4478,
"Avoid": 4479,
"AES": 4480,
"Bron": 4481,
"Bitsadmin": 4482,
"CU": 4483,
"Cb": 4484,
"C9": 4485,
"Car": 4486,
"Caution": 4487,
"DO": 4488,
"D1": 4489,
"DB": 4490,
"Dat": 4491,
"Dia": 4492,
"Direct": 4493,
"Dcc": 4494,
"DSR": 4495,
"Dotnet": 4496,
"DLP": 4497,
"Double": 4498,
"EW": 4499,
"Ent": 4500,
"Email": 4501,
"FA": 4502,
"FTP": 4503,
"Feat": 4504,
"Framework": 4505,
"Fodhelper": 4506,
"GU": 4507,
"GZ": 4508,
"Gri": 4509,
"Gath": 4510,
"GID": 4511,
"Ghost": 4512,
"Golden": 4513,
"Har": 4514,
"Home": 4515,
"Hive": 4516,
"Hardware": 4517,
"Io": 4518,
"IC": 4519,
"Iced": 4520,
"IME": 4521,
"Ju": 4522,
"Jscript": 4523,
"Jobs": 4524,
"Kin": 4525,
"Kill": 4526,
"KEY": 4527,
"La": 4528,
"LS": 4529,
"Lin": 4530,
"Lit": 4531,
"Long": 4532,
"Leve": 4533,
"Lever": 4534,
"Large": 4535,
"LUH": 4536,
"MF": 4537,
"Mic": 4538,
"Mir": 4539,
"Must": 4540,
"Morer": 4541,
"Mimi": 4542,
"Mcs": 4543,
"Magic": 4544,
"Nt": 4545,
"Nin": 4546,
"Node": 4547,
"Named": 4548,
"NAME": 4549,
"Nmap": 4550,
"Of": 4551,
"Ob": 4552,
"Oct": 4553,
"Option": 4554,
"O365": 4555,
"Pn": 4556,
"Pe": 4557,
"Par": 4558,
"Pan": 4559,
"Pad": 4560,
"Pot": 4561,
"Pup": 4562,
"Page": 4563,
"Pub": 4564,
"Public": 4565,
"Phishing": 4566,
"Queries": 4567,
"RE": 4568,
"RB": 4569,
"Rcl": 4570,
"Radmin": 4571,
"Rights": 4572,
"Recurse": 4573,
"Sw": 4574,
"SR": 4575,
"Sec": 4576,
"Sig": 4577,
"Sel": 4578,
"SAC": 4579,
"SID": 4580,
"Single": 4581,
"Source": 4582,
"Sync": 4583,
"Seat": 4584,
"Sym": 4585,
"SUID": 4586,
"SEL": 4587,
"Smb": 4588,
"SDe": 4589,
"Scheduler": 4590,
"Tin": 4591,
"Tou": 4592,
"Top": 4593,
"Termin": 4594,
"TTP": 4595,
"Turn": 4596,
"TTY": 4597,
"Trend": 4598,
"TLS": 4599,
"UI": 4600,
"UUID": 4601,
"Umb": 4602,
"Unique": 4603,
"Ver": 4604,
"Var": 4605,
"VPN": 4606,
"VARI": 4607,
"We": 4608,
"Wat": 4609,
"War": 4610,
"Wif": 4611,
"WIN": 4612,
"WOR": 4613,
"Woc": 4614,
"WCMD": 4615,
"XLM": 4616,
"XOR": 4617,
"Zip": 4618,
"Zone": 4619,
"a1": 4620,
"aid": 4621,
"bt": 4622,
"bz": 4623,
"bun": 4624,
"blo": 4625,
"b64": 4626,
"bde": 4627,
"cp": 4628,
"cover": 4629,
"card": 4630,
"core": 4631,
"cpassword": 4632,
"dm": 4633,
"db": 4634,
"ded": 4635,
"dro": 4636,
"dot": 4637,
"dail": 4638,
"desk": 4639,
"dynamic": 4640,
"double": 4641,
"el": 4642,
"ed": 4643,
"eas": 4644,
"edit": 4645,
"fs": 4646,
"fin": 4647,
"fac": 4648,
"foo": 4649,
"fetch": 4650,
"folders": 4651,
"fodhelper": 4652,
"feder": 4653,
"gn": 4654,
"gz": 4655,
"great": 4656,
"gcc": 4657,
"golden": 4658,
"glib": 4659,
"hh": 4660,
"har": 4661,
"had": 4662,
"hid": 4663,
"hang": 4664,
"here": 4665,
"hook": 4666,
"hypervisor": 4667,
"hinder": 4668,
"io": 4669,
"ic": 4670,
"iw": 4671,
"jo": 4672,
"jse": 4673,
"jscript": 4674,
"jobs": 4675,
"kx": 4676,
"kub": 4677,
"kmu": 4678,
"let": 4679,
"lim": 4680,
"land": 4681,
"lines": 4682,
"limited": 4683,
"large": 4684,
"mat": 4685,
"most": 4686,
"move": 4687,
"mimi": 4688,
"memb": 4689,
"mshta": 4690,
"max": 4691,
"magic": 4692,
"mounted": 4693,
"ng": 4694,
"nec": 4695,
"now": 4696,
"normally": 4697,
"nolog": 4698,
"our": 4699,
"old": 4700,
"odd": 4701,
"pa": 4702,
"pc": 4703,
"pk": 4704,
"pg": 4705,
"pid": 4706,
"pcal": 4707,
"pyp": 4708,
"pdf": 4709,
"qual": 4710,
"ques": 4711,
"rd": 4712,
"rf": 4713,
"rar": 4714,
"rou": 4715,
"ransom": 4716,
"rather": 4717,
"sd": 4718,
"sec": 4719,
"sent": 4720,
"ske": 4721,
"saf": 4722,
"site": 4723,
"smb": 4724,
"sbin": 4725,
"small": 4726,
"tz": 4727,
"tun": 4728,
"table": 4729,
"tables": 4730,
"trend": 4731,
"takes": 4732,
"ud": 4733,
"vect": 4734,
"virus": 4735,
"wa": 4736,
"wine": 4737,
"wav": 4738,
"ways": 4739,
"xw": 4740,
"xwd": 4741,
"##xS": 4742,
"##xcl": 4743,
"##ping": 4744,
"##par": 4745,
"##path": 4746,
"##press": 4747,
"##lish": 4748,
"##limited": 4749,
"##oC": 4750,
"##oted": 4751,
"##osoft": 4752,
"##ocation": 4753,
"##io": 4754,
"##ie": 4755,
"##ib": 4756,
"##ias": 4757,
"##iet": 4758,
"##ita": 4759,
"##iate": 4760,
"##ibit": 4761,
"##tx": 4762,
"##tre": 4763,
"##tUtil": 4764,
"##ao": 4765,
"##a0": 4766,
"##ng": 4767,
"##nre": 4768,
"##nown": 4769,
"##nel": 4770,
"##nized": 4771,
"##nitch": 4772,
"##hun": 4773,
"##hider": 4774,
"##hibit": 4775,
"##cing": 4776,
"##can": 4777,
"##cure": 4778,
"##coded": 4779,
"##cord": 4780,
"##c4f": 4781,
"##cope": 4782,
"##eys": 4783,
"##emote": 4784,
"##e35": 4785,
"##e28": 4786,
"##sor": 4787,
"##shell": 4788,
"##slock": 4789,
"##sensitive": 4790,
"##stead": 4791,
"##rle": 4792,
"##row": 4793,
"##raft": 4794,
"##db": 4795,
"##dia": 4796,
"##dinal": 4797,
"##vt": 4798,
"##vc": 4799,
"##vP": 4800,
"##vul": 4801,
"##vest": 4802,
"##vious": 4803,
"##kC": 4804,
"##king": 4805,
"##kurl": 4806,
"##uH": 4807,
"##uction": 4808,
"##ugg": 4809,
"##ugger": 4810,
"##m4": 4811,
"##mor": 4812,
"##med": 4813,
"##mst": 4814,
"##mend": 4815,
"##fs": 4816,
"##f7": 4817,
"##fIn": 4818,
"##fix": 4819,
"##faults": 4820,
"##flags": 4821,
"##fee": 4822,
"##f38": 4823,
"##wB": 4824,
"##win": 4825,
"##web": 4826,
"##wutl": 4827,
"##yT": 4828,
"##ylib": 4829,
"##UM": 4830,
"##UT": 4831,
"##UAC": 4832,
"##URL": 4833,
"##Unre": 4834,
"##D0": 4835,
"##Domain": 4836,
"##DNS": 4837,
"##Deb": 4838,
"##DLP": 4839,
"##OUS": 4840,
"##by": 4841,
"##bon": 4842,
"##bers": 4843,
"##bel": 4844,
"##bour": 4845,
"##backup": 4846,
"##build": 4847,
"##bf38": 4848,
"##ja": 4849,
"##EO": 4850,
"##E9": 4851,
"##ESS": 4852,
"##MC": 4853,
"##Mem": 4854,
"##Micro": 4855,
"##Mag": 4856,
"##Mapping": 4857,
"##MOUS": 4858,
"##PO": 4859,
"##Pip": 4860,
"##Priv": 4861,
"##Phish": 4862,
"##ze": 4863,
"##zone": 4864,
"##gt": 4865,
"##gI": 4866,
"##gid": 4867,
"##16": 4868,
"##17": 4869,
"##54": 4870,
"##52": 4871,
"##4c4f": 4872,
"##60": 4873,
"##It": 4874,
"##IfIn": 4875,
"##NT": 4876,
"##Note": 4877,
"##Name": 4878,
"##NSI": 4879,
"##NUM": 4880,
"##A3": 4881,
"##AR": 4882,
"##Access": 4883,
"##Audit": 4884,
"##Agent": 4885,
"##SP": 4886,
"##SV": 4887,
"##Sty": 4888,
"##Send": 4889,
"##Sync": 4890,
"##SxS": 4891,
"##Snitch": 4892,
"##Scope": 4893,
"##Svc": 4894,
"##364": 4895,
"##3f7": 4896,
"##Red": 4897,
"##Role": 4898,
"##RRE": 4899,
"##CD": 4900,
"##Cre": 4901,
"##Code": 4902,
"##Current": 4903,
"##Cap": 4904,
"##Cron": 4905,
"##Thing": 4906,
"##GON": 4907,
"##GUID": 4908,
"##99": 4909,
"##98": 4910,
"##74": 4911,
"##Win": 4912,
"##Wri": 4913,
"##Will": 4914,
"##WOR": 4915,
"##WDB": 4916,
"##YMOUS": 4917,
"##Build": 4918,
"##History": 4919,
"##Hidden": 4920,
"##F1": 4921,
"##Fil": 4922,
"##File": 4923,
"##Finder": 4924,
"##Keys": 4925,
"##Zagne": 4926,
"##ince": 4927,
"##inting": 4928,
"##info": 4929,
"##esg": 4930,
"##tex": 4931,
"##tie": 4932,
"##tial": 4933,
"##tical": 4934,
"##lla": 4935,
"##lls": 4936,
"##ecated": 4937,
"##ecraft": 4938,
"##oration": 4939,
"##orrect": 4940,
"##omration": 4941,
"##ommend": 4942,
"##ingServer": 4943,
"##reporting": 4944,
"##rella": 4945,
"exits": 4946,
"explic": 4947,
"extra": 4948,
"wiper": 4949,
"##icy": 4950,
"##ical": 4951,
"##icates": 4952,
"##icated": 4953,
"##icator": 4954,
"##eness": 4955,
"##enum": 4956,
"##enumeration": 4957,
"##enses": 4958,
"##ato": 4959,
"##ature": 4960,
"##attr": 4961,
"##atform": 4962,
"init": 4963,
"inject": 4964,
"initi": 4965,
"inhibit": 4966,
"usr": 4967,
"usually": 4968,
"##aring": 4969,
"##arch": 4970,
"##arab": 4971,
"##asing": 4972,
"##aler": 4973,
"##etykatz": 4974,
"##essary": 4975,
"executables": 4976,
"##thold": 4977,
"fills": 4978,
"##tam": 4979,
"##tane": 4980,
"##any": 4981,
"##ants": 4982,
"##ride": 4983,
"##ateProcess": 4984,
"##odial": 4985,
"##cesshider": 4986,
"##uling": 4987,
"##ultane": 4988,
"begin": 4989,
"beaconing": 4990,
"comm": 4991,
"coming": 4992,
"comsvcs": 4993,
"##estTrust": 4994,
"filename": 4995,
"fileless": 4996,
"##aders": 4997,
"##adually": 4998,
"##ad364": 4999,
"##aces": 5000,
"##acent": 5001,
"##acted": 5002,
"##acls": 5003,
"WinSxS": 5004,
"##utor": 5005,
"lost": 5006,
"onto": 5007,
"online": 5008,
"reve": 5009,
"really": 5010,
"repo": 5011,
"reaching": 5012,
"reactivate": 5013,
"referen": 5014,
"exeuction": 5015,
"##olang": 5016,
"##olves": 5017,
"##iring": 5018,
"fork": 5019,
"forfiles": 5020,
"forcing": 5021,
"##plate": 5022,
"##plants": 5023,
"thing": 5024,
"than": 5025,
"third": 5026,
"throw": 5027,
"##umed": 5028,
"surv": 5029,
"##pond": 5030,
"##ponent": 5031,
"##ently": 5032,
"protected": 5033,
"proced": 5034,
"profiles": 5035,
"##ility": 5036,
"##ained": 5037,
"Exec": 5038,
"Extra": 5039,
"##star": 5040,
"##stest": 5041,
"##status": 5042,
"##veigh": 5043,
"userenum": 5044,
"##imic": 5045,
"##imum": 5046,
"##imgr": 5047,
"ads": 5048,
"adid": 5049,
"adstest": 5050,
"##cky": 5051,
"##otes": 5052,
"##oting": 5053,
"demon": 5054,
"detec": 5055,
"depr": 5056,
"##quest": 5057,
"##quoted": 5058,
"disabling": 5059,
"Refl": 5060,
"Reference": 5061,
"Reactivate": 5062,
"atp": 5063,
"itm4": 5064,
"organ": 5065,
"##urning": 5066,
"runner": 5067,
"runbook": 5068,
"Powercat": 5069,
"##chain": 5070,
"##chment": 5071,
"##ervals": 5072,
"enumerates": 5073,
"credit": 5074,
"Created": 5075,
"DiskC": 5076,
"activate": 5077,
"accord": 5078,
"These": 5079,
"systemstate": 5080,
"##stance": 5081,
"##opus": 5082,
"##opied": 5083,
"scenarios": 5084,
"##allpa": 5085,
"Usern": 5086,
"UsoC": 5087,
"starts": 5088,
"starting": 5089,
"Initi": 5090,
"Inher": 5091,
"Injects": 5092,
"Inser": 5093,
"Instrumentation": 5094,
"Instead": 5095,
"Inveigh": 5096,
"Advan": 5097,
"##ilege": 5098,
"PowerShellUpon": 5099,
"successfuly": 5100,
"##igate": 5101,
"##igest": 5102,
"##lyCon": 5103,
"##stallable": 5104,
"##calation": 5105,
"Demand": 5106,
"Detec": 5107,
"Depend": 5108,
"shows": 5109,
"shim": 5110,
"shown": 5111,
"short": 5112,
"sharp": 5113,
"shutdown": 5114,
"sharing": 5115,
"Executed": 5116,
"##teria": 5117,
"cancel": 5118,
"Loc": 5119,
"Look": 5120,
"Location": 5121,
"processor": 5122,
"##emplate": 5123,
"chcp": 5124,
"chunks": 5125,
"chflags": 5126,
"chattr": 5127,
"utilis": 5128,
"Enforced": 5129,
"setgid": 5130,
"##usted": 5131,
"Comple": 5132,
"sekurl": 5133,
"##upg": 5134,
"scriptlet": 5135,
"localhost": 5136,
"localectl": 5137,
"Anonymous": 5138,
"##ageBox": 5139,
"macos": 5140,
"thenew": 5141,
"allocation": 5142,
"Shim": 5143,
"Shadowstorage": 5144,
"##tenz": 5145,
"downloadand": 5146,
"##rivesc": 5147,
"defaults": 5148,
"defensive": 5149,
"defenses": 5150,
"Chown": 5151,
"Chmod": 5152,
"archive": 5153,
"Contrib": 5154,
"##bsequent": 5155,
"simulation": 5156,
"simulated": 5157,
"powershellsensitive": 5158,
"special": 5159,
"conflic": 5160,
"GetCurrent": 5161,
"contained": 5162,
"hostUpon": 5163,
"alternative": 5164,
"winzip": 5165,
"winPE": 5166,
"winrar": 5167,
"DomainPolicy": 5168,
"DomainTrust": 5169,
"accessible": 5170,
"binPath": 5171,
"AddTo": 5172,
"unp": 5173,
"unable": 5174,
"unav": 5175,
"##search": 5176,
"##ernals": 5177,
"##erequisites": 5178,
"AzRole": 5179,
"trad": 5180,
"trace": 5181,
"attacking": 5182,
"Admins": 5183,
"specifice": 5184,
"AzureAD": 5185,
"##ickbot": 5186,
"##icktime": 5187,
"ADRecon": 5188,
"##ffon": 5189,
"##shred": 5190,
"##ape": 5191,
"##apted": 5192,
"##apMC": 5193,
"##clt": 5194,
"##ruc": 5195,
"prefer": 5196,
"previous": 5197,
"attempting": 5198,
"timezone": 5199,
"configuring": 5200,
"clang": 5201,
"cloud": 5202,
"prctl": 5203,
"printer": 5204,
"##ublish": 5205,
"encod": 5206,
"Commands": 5207,
"WMIExec": 5208,
"DLLs": 5209,
"research": 5210,
"admins": 5211,
"Logon": 5212,
"delegation": 5213,
"rootkit": 5214,
"modifying": 5215,
"##ighbour": 5216,
"AtomicRed": 5217,
"ability": 5218,
"lead": 5219,
"left": 5220,
"least": 5221,
"tarfile": 5222,
"targer": 5223,
"verbo": 5224,
"verified": 5225,
"Installed": 5226,
"InstallHelper": 5227,
"NetSup": 5228,
"managing": 5229,
"manufacturer": 5230,
"LocalApp": 5231,
"Processors": 5232,
"prompting": 5233,
"##ploits": 5234,
"shouldn": 5235,
"Union": 5236,
"Unload": 5237,
"Unlimited": 5238,
"##points": 5239,
"devices": 5240,
"Firepwd": 5241,
"txtto": 5242,
"spawned": 5243,
"seeing": 5244,
"objects": 5245,
"##tificates": 5246,
"createdump": 5247,
"Downloads": 5248,
"Downloaded": 5249,
"SecurityProvid": 5250,
"Compute": 5251,
"Company": 5252,
"Autodial": 5253,
"pipes": 5254,
"interaction": 5255,
"##traction": 5256,
"Thread": 5257,
"decre": 5258,
"platform": 5259,
"parse": 5260,
"passing": 5261,
"passhun": 5262,
"##achable": 5263,
"performed": 5264,
"lsm": 5265,
"typed": 5266,
"typical": 5267,
"##ProcDump": 5268,
"##ProgI": 5269,
"infl": 5270,
"infomration": 5271,
"configurations": 5272,
"Scarab": 5273,
"certre": 5274,
"neighbour": 5275,
"roleAssignment": 5276,
"sysmon": 5277,
"sysctl": 5278,
"##ordump": 5279,
"Edition": 5280,
"SYSV": 5281,
"recog": 5282,
"recommend": 5283,
"returning": 5284,
"##akdia": 5285,
"discovering": 5286,
"Shared": 5287,
"ShareFinder": 5288,
"200": 5289,
"Shellcode": 5290,
"Similar": 5291,
"Simultane": 5292,
"endpoints": 5293,
"included": 5294,
"Perl": 5295,
"evtx": 5296,
"findstr": 5297,
"insmod": 5298,
"insert": 5299,
"needs": 5300,
"Redirection": 5301,
"textEx": 5302,
"##eving": 5303,
"lockout": 5304,
"Eventlog": 5305,
"OpenWith": 5306,
"OpenDNS": 5307,
"especially": 5308,
"##SAdmin": 5309,
"product": 5310,
"accountsUpon": 5311,
"##ypassUAC": 5312,
"AllThe": 5313,
"Resize": 5314,
"kernels": 5315,
"renew": 5316,
"rename": 5317,
"renaming": 5318,
"##ONYMOUS": 5319,
"docx": 5320,
"006": 5321,
"Bypasses": 5322,
"obscure": 5323,
"zeroes": 5324,
"##urla": 5325,
"shareenumeration": 5326,
"targetted": 5327,
"SearchScope": 5328,
"errorreporting": 5329,
"endpointUpon": 5330,
"CheckIfIn": 5331,
"Privesc": 5332,
"SysV": 5333,
"SysInt": 5334,
"ipconfig": 5335,
"restart": 5336,
"restoring": 5337,
"expect": 5338,
"expire": 5339,
"expiration": 5340,
"screencapture": 5341,
"Click": 5342,
"Forward": 5343,
"ForestTrust": 5344,
"RAND": 5345,
"subf": 5346,
"subnet": 5347,
"Regular": 5348,
"whois": 5349,
"whose": 5350,
"ScriptControl": 5351,
"zipfile": 5352,
"##obfusc": 5353,
"assum": 5354,
"assign": 5355,
"assignment": 5356,
"##ProcessEx": 5357,
"LDAPSearch": 5358,
"LDAPDomain": 5359,
"Prerequisites": 5360,
"portpro": 5361,
"##ggers": 5362,
"##uncate": 5363,
"forcefully": 5364,
"setspn": 5365,
"GPOR": 5366,
"GlobalF": 5367,
"PS4": 5368,
"PS3": 5369,
"PS2": 5370,
"Snaff": 5371,
"SnapMC": 5372,
"msbuild": 5373,
"numbers": 5374,
"triggers": 5375,
"##lient": 5376,
"##like": 5377,
"Lockout": 5378,
"Lockbit": 5379,
"Attacks": 5380,
"AutoIt": 5381,
"StartupItem": 5382,
"customshell": 5383,
"good": 5384,
"packages": 5385,
"party": 5386,
"virtualization": 5387,
"virtualized": 5388,
"property": 5389,
"Enabled": 5390,
"emptying": 5391,
"##fuscated": 5392,
"EXTE": 5393,
"Tracing": 5394,
"Truncate": 5395,
"WebRe": 5396,
"##ANT": 5397,
"therefore": 5398,
"Deletion": 5399,
"searches": 5400,
"leverage": 5401,
"T1055": 5402,
"T1010": 5403,
"Permissions": 5404,
"vulnerabilities": 5405,
"Crad": 5406,
"CHAR": 5407,
"Certain": 5408,
"ImageMag": 5409,
"Online": 5410,
"PsSend": 5411,
"SMTP": 5412,
"TeamViewer": 5413,
"Teamviewer": 5414,
"features": 5415,
"immed": 5416,
"implants": 5417,
"##ntity": 5418,
"reads": 5419,
"spoolvul": 5420,
"NTDSUtil": 5421,
"argumentsWill": 5422,
"ScheduledTask": 5423,
"Successfully": 5424,
"Hostname": 5425,
"LOTR": 5426,
"LOGON": 5427,
"MSOL": 5428,
"MS17": 5429,
"MSBuild": 5430,
"guid": 5431,
"helps": 5432,
"indicate": 5433,
"indicator": 5434,
"imported": 5435,
"posting": 5436,
"steps": 5437,
"##eps": 5438,
"##reset": 5439,
"##respond": 5440,
"##times": 5441,
"chmods": 5442,
"Sharpup": 5443,
"Sharpweb": 5444,
"collectionto": 5445,
"escalating": 5446,
"Archive": 5447,
"Afterwards": 5448,
"Staging": 5449,
"USE": 5450,
"established": 5451,
"##pair": 5452,
"##Instance": 5453,
"##3339": 5454,
"chowns": 5455,
"variant": 5456,
"LoginItem": 5457,
"T1136": 5458,
"T1564": 5459,
"T1560": 5460,
"T1574": 5461,
"Cmdlets": 5462,
"Darkside": 5463,
"Evil": 5464,
"Grant": 5465,
"Granting": 5466,
"INF": 5467,
"Impacket": 5468,
"Imperson": 5469,
"Safetykatz": 5470,
"achieve": 5471,
"correct": 5472,
"correspond": 5473,
"idle": 5474,
"lastlog": 5475,
"##5550": 5476,
"procdump": 5477,
"procfs": 5478,
"ensure": 5479,
"ensuring": 5480,
"ens33": 5481,
"Streams": 5482,
"Configure": 5483,
"unless": 5484,
"unlimited": 5485,
"encrypts": 5486,
"Compiled": 5487,
"Overwrites": 5488,
"WerFaultSvc": 5489,
"Auditing": 5490,
"Restric": 5491,
"capabilities": 5492,
"granted": 5493,
"gradually": 5494,
"pushed": 5495,
"saved": 5496,
"symmet": 5497,
"symlink": 5498,
"term": 5499,
"terms": 5500,
"##nesses": 5501,
"excluding": 5502,
"registering": 5503,
"consent": 5504,
"consumed": 5505,
"##strates": 5506,
"##sociation": 5507,
"requesting": 5508,
"handles": 5509,
"handler": 5510,
"decodes": 5511,
"Appends": 5512,
"listener": 5513,
"Hashcat": 5514,
"BITSAdmin": 5515,
"CimInstance": 5516,
"DllUnre": 5517,
"PUT": 5518,
"Prevent": 5519,
"Preference": 5520,
"Recovery": 5521,
"Recycle": 5522,
"Recently": 5523,
"SilentlyCon": 5524,
"SilentProcessEx": 5525,
"downgrade": 5526,
"hex": 5527,
"hello": 5528,
"headers": 5529,
"meet": 5530,
"##rics": 5531,
"extracts": 5532,
"WindowSty": 5533,
"stopped": 5534,
"stopping": 5535,
"powerhell": 5536,
"ShowUI": 5537,
"Containers": 5538,
"transacted": 5539,
"administrators": 5540,
"Filtered": 5541,
"recently": 5542,
"recorded": 5543,
"Spawns": 5544,
"Privilege": 5545,
"GPOAudit": 5546,
"triggering": 5547,
"##ganographic": 5548,
"11D0": 5549,
"64bit": 5550,
"Escalation": 5551,
"MonitorProcess": 5552,
"SeDeb": 5553,
"Writes": 5554,
"benef": 5555,
"badpwd": 5556,
"minutes": 5557,
"pods": 5558,
"##phine": 5559,
"##nnnn": 5560,
"##nsdump": 5561,
"##nscan": 5562,
"##40600": 5563,
"##titPo": 5564,
"replication": 5565,
"replacing": 5566,
"subsequent": 5567,
"DomainGPO": 5568,
"unreachable": 5569,
"uncompress": 5570,
"builtins": 5571,
"SysinternalsProcDump": 5572,
"removes": 5573,
"removed": 5574,
"suspiciousness": 5575,
"possibil": 5576,
"1638": 5577,
"Authorization": 5578,
"Before": 5579,
"Beaconing": 5580,
"Identity": 5581,
"NOT": 5582,
"SUCC": 5583,
"WDigest": 5584,
"csc": 5585,
"member": 5586,
"osk": 5587,
"quiet": 5588,
"quotes": 5589,
"sticky": 5590,
"tell": 5591,
"terminate": 5592,
"terminates": 5593,
"##processhider": 5594,
"##saver": 5595,
"##PEntity": 5596,
"##AppvP": 5597,
"##mapexec": 5598,
"Debugger": 5599,
"spraying": 5600,
"AntiPhish": 5601,
"unlocked": 5602,
"manipulated": 5603,
"Specify": 5604,
"appending": 5605,
"retrieving": 5606,
"retrieval": 5607,
"GPPPassword": 5608,
"UltraViewer": 5609,
"0x4c4f": 5610,
"0x5550": 5611,
"CPU": 5612,
"DDE": 5613,
"DCSh": 5614,
"Mini": 5615,
"Minidump": 5616,
"OSTap": 5617,
"OSTAP": 5618,
"Player": 5619,
"Plugg": 5620,
"Steganographic": 5621,
"What": 5622,
"WmiObject": 5623,
"Wevtutil": 5624,
"WevtUtil": 5625,
"better": 5626,
"betwe": 5627,
"critical": 5628,
"criteria": 5629,
"closed": 5630,
"kittie": 5631,
"kittenz": 5632,
"monitoring": 5633,
"popup": 5634,
"signal": 5635,
"vmx": 5636,
"wsf": 5637,
"wsreset": 5638,
"xlsm": 5639,
"increase": 5640,
"incorrect": 5641,
"invocation": 5642,
"invoking": 5643,
"Extensions": 5644,
"detectedby": 5645,
"Device": 5646,
"##checks": 5647,
"win32times": 5648,
"disabledin": 5649,
"crontab": 5650,
"crontabs": 5651,
"generaldomain": 5652,
"crafts": 5653,
"stealth": 5654,
"T1546": 5655,
"T1547": 5656,
"GeneralRecon": 5657,
"subscriptions": 5658,
"DomainGroupMem": 5659,
"MachineGUID": 5660,
"Retrieve": 5661,
"Retrieving": 5662,
"LegalNoticeText": 5663,
"LegalNoticeCap": 5664,
"011": 5665,
"Association": 5666,
"ANONYMOUS": 5667,
"ART": 5668,
"Butter": 5669,
"Catalog": 5670,
"DirList": 5671,
"Hooks": 5672,
"IsHidden": 5673,
"IFEO": 5674,
"MessageBox": 5675,
"PPAM": 5676,
"Quicktime": 5677,
"Rename": 5678,
"Tarball": 5679,
"api": 5680,
"ccmst": 5681,
"dropper": 5682,
"effectiv": 5683,
"fruit": 5684,
"krbt": 5685,
"lnk": 5686,
"missing": 5687,
"metrics": 5688,
"persist": 5689,
"title": 5690,
"##tleSnitch": 5691,
"##tinue": 5692,
"##nprivesc": 5693,
"##ugPriv": 5694,
"##fulshred": 5695,
"##Defaults": 5696,
"##Enum": 5697,
"##Prn": 5698,
"##56ad364": 5699,
"##5821": 5700,
"##Load": 5701,
"topic": 5702,
"intervals": 5703,
"involves": 5704,
"inactive": 5705,
"revert": 5706,
"Expected": 5707,
"Powersploits": 5708,
"ComputerDefaults": 5709,
"Attaches": 5710,
"kextload": 5711,
"Storage": 5712,
"unattend": 5713,
"libprocesshider": 5714,
"scheduling": 5715,
"authenticate": 5716,
"recei": 5717,
"##Execution": 5718,
"Headless": 5719,
"Embedding": 5720,
"crackmapexec": 5721,
"##553540600": 5722,
"considered": 5723,
"Identifier": 5724,
"McAfee": 5725,
"Spooler": 5726,
"buckets": 5727,
"duplicate": 5728,
"180": 5729,
"31bf38": 5730,
"3000": 5731,
"3390": 5732,
"444553540600": 5733,
"4769": 5734,
"821E": 5735,
"Apple": 5736,
"Awfulshred": 5737,
"ALNUM": 5738,
"Avoslock": 5739,
"Assis": 5740,
"Bronze": 5741,
"CURRE": 5742,
"C9E9": 5743,
"Carbon": 5744,
"D1F1": 5745,
"Datacent": 5746,
"Diamor": 5747,
"DccwB": 5748,
"DSRM": 5749,
"Dotnetsearch": 5750,
"EWM": 5751,
"Features": 5752,
"GUP": 5753,
"GZip": 5754,
"Griffon": 5755,
"Gathers": 5756,
"IoT": 5757,
"ICMP": 5758,
"IcedID": 5759,
"IMEWDB": 5760,
"Juicy": 5761,
"Kinsing": 5762,
"LaZagne": 5763,
"LSM": 5764,
"LinEnum": 5765,
"LittleSnitch": 5766,
"Level": 5767,
"Leverage": 5768,
"LUHN": 5769,
"MFA": 5770,
"Micosoft": 5771,
"Mirror": 5772,
"Morerecon": 5773,
"Mimik": 5774,
"Ninja": 5775,
"NamedPip": 5776,
"Obfuscated": 5777,
"Octopus": 5778,
"PnPEntity": 5779,
"PetitPo": 5780,
"Parses": 5781,
"Potato": 5782,
"Pupy": 5783,
"PubPrn": 5784,
"RBCD": 5785,
"Rclone": 5786,
"SecEdit": 5787,
"Sigma": 5788,
"Select": 5789,
"SACL": 5790,
"SyncAppvP": 5791,
"Seatbel": 5792,
"SELinux": 5793,
"SmbMapping": 5794,
"SDelete": 5795,
"TinyT": 5796,
"Touching": 5797,
"Topic": 5798,
"TrendMicro": 5799,
"Umbrella": 5800,
"Verify": 5801,
"VARIANT": 5802,
"Watson": 5803,
"Warning": 5804,
"Wifi": 5805,
"WINWOR": 5806,
"WORK": 5807,
"Wocao": 5808,
"WCMDump": 5809,
"a13f7": 5810,
"bz2": 5811,
"bunch": 5812,
"blob": 5813,
"covert": 5814,
"dmesg": 5815,
"dedicated": 5816,
"dotm": 5817,
"daily": 5818,
"fsutil": 5819,
"finite": 5820,
"facil": 5821,
"foothold": 5822,
"federated": 5823,
"gnupg": 5824,
"glibc": 5825,
"iwr": 5826,
"joined": 5827,
"kxwn": 5828,
"kubectl": 5829,
"kmutil": 5830,
"lets": 5831,
"members": 5832,
"maximum": 5833,
"ngrok": 5834,
"necessary": 5835,
"nologin": 5836,
"pcwutl": 5837,
"pkill": 5838,
"pcalua": 5839,
"pypykatz": 5840,
"quality": 5841,
"question": 5842,
"rdrle": 5843,
"route": 5844,
"sdclt": 5845,
"secedit": 5846,
"skel": 5847,
"smbstatus": 5848,
"tunnel": 5849,
"udp": 5850,
"vectors": 5851,
"waiting": 5852,
"winevt": 5853,
"xwud": 5854,
"##xcli": 5855,
"##iately": 5856,
"##a050": 5857,
"##emoteAccess": 5858,
"##e283339": 5859,
"##DLPAgent": 5860,
"##5452": 5861,
"##NSION": 5862,
"##A340": 5863,
"##Cronj": 5864,
"##Things": 5865,
"##Write": 5866,
"##HistoryHandler": 5867,
"initial": 5868,
"inhibiting": 5869,
"begins": 5870,
"reveals": 5871,
"referenced": 5872,
"survive": 5873,
"procedure": 5874,
"##imgrab": 5875,
"adidnsdump": 5876,
"demonstrates": 5877,
"deprecated": 5878,
"Reflectively": 5879,
"itm4nprivesc": 5880,
"organization": 5881,
"DiskCleanup": 5882,
"according": 5883,
"systemstatebackup": 5884,
"##allpaper": 5885,
"UsoClient": 5886,
"Initiating": 5887,
"Inherit": 5888,
"Inserts": 5889,
"Advanced": 5890,
"Depending": 5891,
"sharpview": 5892,
"Completed": 5893,
"sekurlsa": 5894,
"Contributor": 5895,
"conflict": 5896,
"winPEAS": 5897,
"AddToHistoryHandler": 5898,
"unavailable": 5899,
"AzRoleAssignment": 5900,
"previously": 5901,
"cloudTrail": 5902,
"printercheck": 5903,
"##ublishingServer": 5904,
"NetSupport": 5905,
"LocalAppData": 5906,
"SecurityProviders": 5907,
"AutodialDLL": 5908,
"platforms": 5909,
"passhunt": 5910,
"##ProgIds": 5911,
"certreq": 5912,
"roleAssignments": 5913,
"SYSVOL": 5914,
"recognized": 5915,
"##akdiag": 5916,
"Simultaneous": 5917,
"textExtraction": 5918,
"OpenWithProgIds": 5919,
"AllTheThings": 5920,
"errorreportingfaults": 5921,
"CheckIfInstallable": 5922,
"SysInternals": 5923,
"RANDOM": 5924,
"LDAPDomainDump": 5925,
"portproxy": 5926,
"GPORemoteAccess": 5927,
"Snaffler": 5928,
"StartupItems": 5929,
"customshellhost": 5930,
"EXTENSION": 5931,
"WebRequest": 5932,
"CHARS": 5933,
"ImageMagick": 5934,
"PsSendKeys": 5935,
"immediately": 5936,
"spoolvulnscan": 5937,
"MSOLSpray": 5938,
"Impersonation": 5939,
"Restricted": 5940,
"symmetric": 5941,
"termsrv": 5942,
"DllUnregisterServer": 5943,
"SilentlyContinue": 5944,
"SilentProcessExit": 5945,
"WindowStyle": 5946,
"SeDebugPriv": 5947,
"benefiting": 5948,
"badpwdcount": 5949,
"possibilities": 5950,
"16384": 5951,
"SUCCESS": 5952,
"AntiPhishRule": 5953,
"0x4c4f5452": 5954,
"0x55505821": 5955,
"DCShadow": 5956,
"Pluggable": 5957,
"between": 5958,
"generaldomaininfo": 5959,
"DomainGroupMember": 5960,
"LegalNoticeCaption": 5961,
"DirLister": 5962,
"ccmstp": 5963,
"effectiveness": 5964,
"krbtgt": 5965,
"##56ad364e35": 5966,
"McAfeeDLPAgent": 5967,
"31bf3856ad364e35": 5968,
"Avoslocker": 5969,
"CURRENT": 5970,
"C9E9A340": 5971,
"Datacenter": 5972,
"Diamorphine": 5973,
"DccwBypassUAC": 5974,
"IMEWDBLD": 5975,
"NamedPipe": 5976,
"PetitPotam": 5977,
"SyncAppvPublishingServer": 5978,
"Seatbelt": 5979,
"TinyTurla": 5980,
"WINWORD": 5981,
"a13f7e283339": 5982,
"rdrleakdiag": 5983,
"GPORemoteAccessPolicy": 5984,
"SeDebugPrivilege": 5985,
"McAfeeDLPAgentService": 5986,
"a13f7e283339a050": 5987,
"0D": 5988,
"0E": 5989,
"05": 5990,
"06": 5991,
"0A": 5992,
"03": 5993,
"02": 5994,
"0C": 5995,
"09": 5996,
"08": 5997,
"07": 5998,
"0B": 5999,
"0F": 6000,
"12": 6001,
"26": 6002,
"23": 6003,
"2is": 6004,
"2nd": 6005,
"4E": 6006,
"47": 6007,
"5M": 6008,
"54": 6009,
"53": 6010,
"52": 6011,
"60": 6012,
"65535": 6013,
"999": 6014,
"Av": 6015,
"AC": 6016,
"Appl": 6017,
"ALL": 6018,
"Auth": 6019,
"Agent": 6020,
"AUT": 6021,
"Astar": 6022,
"Ba": 6023,
"Boot": 6024,
"Buil": 6025,
"Bund": 6026,
"BLI": 6027,
"Batch": 6028,
"Botnet": 6029,
"Build": 6030,
"CD": 6031,
"CI": 6032,
"CC": 6033,
"CV": 6034,
"Cle": 6035,
"Count": 6036,
"Cook": 6037,
"CLS": 6038,
"Copied": 6039,
"DY": 6040,
"Date": 6041,
"Dot": 6042,
"Down": 6043,
"DOS": 6044,
"Due": 6045,
"Dok": 6046,
"DATA": 6047,
"Dylib": 6048,
"Eu": 6049,
"EI": 6050,
"EB": 6051,
"End": 6052,
"Ether": 6053,
"Emp": 6054,
"Echo": 6055,
"Each": 6056,
"Establ": 6057,
"Fr": 6058,
"FL": 6059,
"Fin": 6060,
"Fav": 6061,
"FIN": 6062,
"Fetch": 6063,
"Feder": 6064,
"Git": 6065,
"Gam": 6066,
"Grou": 6067,
"GET": 6068,
"Give": 6069,
"GUID": 6070,
"Goz": 6071,
"Github": 6072,
"Gpg": 6073,
"Golang": 6074,
"Here": 6075,
"Hence": 6076,
"HuH": 6077,
"IV": 6078,
"Ify": 6079,
"INS": 6080,
"Kle": 6081,
"Kal": 6082,
"Kit": 6083,
"Kir": 6084,
"Kext": 6085,
"Known": 6086,
"LE": 6087,
"LI": 6088,
"Less": 6089,
"Lim": 6090,
"LLM": 6091,
"Light": 6092,
"Lsa": 6093,
"Lower": 6094,
"Me": 6095,
"Med": 6096,
"Mat": 6097,
"Met": 6098,
"Main": 6099,
"Mig": 6100,
"Mount": 6101,
"Mock": 6102,
"Masquerade": 6103,
"Makes": 6104,
"M365": 6105,
"Mounted": 6106,
"Mimic": 6107,
"NU": 6108,
"NM": 6109,
"Num": 6110,
"Nix": 6111,
"Ncat": 6112,
"Nslookup": 6113,
"Nimgrab": 6114,
"OU": 6115,
"OO": 6116,
"OI": 6117,
"Other": 6118,
"OSA": 6119,
"Odb": 6120,
"Po": 6121,
"Ph": 6122,
"PE": 6123,
"PT": 6124,
"Pat": 6125,
"Pers": 6126,
"Pod": 6127,
"Post": 6128,
"Patching": 6129,
"Paramet": 6130,
"Qbot": 6131,
"Rt": 6132,
"RU": 6133,
"Rar": 6134,
"Rule": 6135,
"RAM": 6136,
"Ransom": 6137,
"Right": 6138,
"RPR": 6139,
"Sa": 6140,
"SI": 6141,
"SA": 6142,
"SQ": 6143,
"ST": 6144,
"SH": 6145,
"Ser": 6146,
"Sod": 6147,
"Sol": 6148,
"Say": 6149,
"Str": 6150,
"Section": 6151,
"Sub": 6152,
"Size": 6153,
"SET": 6154,
"Some": 6155,
"Smu": 6156,
"Secure": 6157,
"SNK": 6158,
"Small": 6159,
"SSP": 6160,
"Since": 6161,
"Tw": 6162,
"TA": 6163,
"TT": 6164,
"Ter": 6165,
"Tri": 6166,
"Tech": 6167,
"Tree": 6168,
"Tail": 6169,
"Typ": 6170,
"Text": 6171,
"Tshark": 6172,
"T50": 6173,
"Telnet": 6174,
"Takes": 6175,
"TMP": 6176,
"TCC": 6177,
"Template": 6178,
"Upen": 6179,
"Upload": 6180,
"Van": 6181,
"VMD": 6182,
"Wann": 6183,
"WER": 6184,
"Worm": 6185,
"WSR": 6186,
"Wallpaper": 6187,
"Xcl": 6188,
"XIn": 6189,
"Xordump": 6190,
"Yes": 6191,
"ZI": 6192,
"ak": 6193,
"aure": 6194,
"aware": 6195,
"aud": 6196,
"atack": 6197,
"appl": 6198,
"amon": 6199,
"agr": 6200,
"ble": 6201,
"bro": 6202,
"bri": 6203,
"bot": 6204,
"blog": 6205,
"bund": 6206,
"bits": 6207,
"brit": 6208,
"co": 6209,
"cd": 6210,
"car": 6211,
"care": 6212,
"cab": 6213,
"cour": 6214,
"crypt": 6215,
"clock": 6216,
"csv": 6217,
"clean": 6218,
"cookies": 6219,
"catching": 6220,
"cacls": 6221,
"copied": 6222,
"cruc": 6223,
"dic": 6224,
"date": 6225,
"dum": 6226,
"did": 6227,
"desc": 6228,
"days": 6229,
"dynam": 6230,
"dns": 6231,
"description": 6232,
"dylib": 6233,
"ea": 6234,
"eg": 6235,
"equ": 6236,
"ess": 6237,
"effect": 6238,
"fl": 6239,
"ft": 6240,
"fr": 6241,
"fre": 6242,
"fal": 6243,
"fault": 6244,
"four": 6245,
"fully": 6246,
"fake": 6247,
"fron": 6248,
"fact": 6249,
"faster": 6250,
"falcon": 6251,
"foc": 6252,
"feed": 6253,
"gec": 6254,
"gpp": 6255,
"gap": 6256,
"gone": 6257,
"google": 6258,
"gci": 6259,
"golang": 6260,
"hl": 6261,
"hun": 6262,
"hot": 6263,
"hour": 6264,
"hard": 6265,
"hap": 6266,
"hos": 6267,
"helper": 6268,
"hardware": 6269,
"ir": 6270,
"ill": 6271,
"identi": 6272,
"iore": 6273,
"icon": 6274,
"js": 6275,
"jav": 6276,
"jpg": 6277,
"json": 6278,
"ku": 6279,
"less": 6280,
"layer": 6281,
"ma": 6282,
"mk": 6283,
"mm": 6284,
"my": 6285,
"m4": 6286,
"mon": 6287,
"mass": 6288,
"mst": 6289,
"mount": 6290,
"minu": 6291,
"mous": 6292,
"mask": 6293,
"msi": 6294,
"mill": 6295,
"made": 6296,
"match": 6297,
"mimic": 6298,
"nom": 6299,
"nop": 6300,
"nav": 6301,
"near": 6302,
"nested": 6303,
"nmap": 6304,
"naming": 6305,
"nnnnn": 6306,
"nimgrab": 6307,
"op": 6308,
"ok": 6309,
"ou": 6310,
"ole": 6311,
"opt": 6312,
"opp": 6313,
"option": 6314,
"pp": 6315,
"ph": 6316,
"pw": 6317,
"p7": 6318,
"pan": 6319,
"pure": 6320,
"psh": 6321,
"pher": 6322,
"paging": 6323,
"pix": 6324,
"p12": 6325,
"patching": 6326,
"portable": 6327,
"pee": 6328,
"please": 6329,
"pnp": 6330,
"pua": 6331,
"phishing": 6332,
"png": 6333,
"que": 6334,
"quer": 6335,
"rt": 6336,
"ris": 6337,
"radmin": 6338,
"rundll": 6339,
"right": 6340,
"rob": 6341,
"recurse": 6342,
"si": 6343,
"sn": 6344,
"she": 6345,
"som": 6346,
"sed": 6347,
"sit": 6348,
"sol": 6349,
"spl": 6350,
"sect": 6351,
"sound": 6352,
"side": 6353,
"sync": 6354,
"says": 6355,
"silent": 6356,
"solution": 6357,
"since": 6358,
"t1": 6359,
"tes": 6360,
"tac": 6361,
"tak": 6362,
"tested": 6363,
"t10": 6364,
"template": 6365,
"unt": 6366,
"unique": 6367,
"vb": 6368,
"v1": 6369,
"v5": 6370,
"v4": 6371,
"vS": 6372,
"v2": 6373,
"v9": 6374,
"vir": 6375,
"vmd": 6376,
"volum": 6377,
"wt": 6378,
"w64": 6379,
"wget": 6380,
"wallpaper": 6381,
"xC": 6382,
"xordump": 6383,
"ypp": 6384,
"zon": 6385,
"zone": 6386,
"ëR": 6387,
"##xies": 6388,
"##x64": 6389,
"##xcs": 6390,
"##pe": 6391,
"##pow": 6392,
"##pare": 6393,
"##pile": 6394,
"##pection": 6395,
"##pres": 6396,
"##parent": 6397,
"##phish": 6398,
"##low": 6399,
"##lip": 6400,
"##language": 6401,
"##last": 6402,
"##lCre": 6403,
"##lecraft": 6404,
"##oH": 6405,
"##oin": 6406,
"##overs": 6407,
"##oCon": 6408,
"##oast": 6409,
"##ojacking": 6410,
"##oami": 6411,
"##o28": 6412,
"##iy": 6413,
"##iest": 6414,
"##item": 6415,
"##itation": 6416,
"##ibl": 6417,
"##iks": 6418,
"##iMethod": 6419,
"##tn": 6420,
"##tom": 6421,
"##ters": 6422,
"##tch": 6423,
"##tree": 6424,
"##tWin": 6425,
"##ae": 6426,
"##aw": 6427,
"##a1": 6428,
"##a6": 6429,
"##aC": 6430,
"##ati": 6431,
"##ama": 6432,
"##air": 6433,
"##aire": 6434,
"##application": 6435,
"##author": 6436,
"##autions": 6437,
"##aLoad": 6438,
"##nl": 6439,
"##nS": 6440,
"##nes": 6441,
"##nig": 6442,
"##nolog": 6443,
"##hl": 6444,
"##hc": 6445,
"##hat": 6446,
"##hind": 6447,
"##hand": 6448,
"##hound": 6449,
"##cy": 6450,
"##c7": 6451,
"##ccount": 6452,
"##cting": 6453,
"##come": 6454,
"##curl": 6455,
"##cookies": 6456,
"##casing": 6457,
"##cape": 6458,
"##ek": 6459,
"##e7": 6460,
"##eal": 6461,
"##ely": 6462,
"##eged": 6463,
"##eak": 6464,
"##sc": 6465,
"##su": 6466,
"##sw": 6467,
"##sP": 6468,
"##sS": 6469,
"##she": 6470,
"##sic": 6471,
"##sit": 6472,
"##service": 6473,
"##sity": 6474,
"##sage": 6475,
"##sues": 6476,
"##ra": 6477,
"##rg": 6478,
"##rate": 6479,
"##rve": 6480,
"##rup": 6481,
"##rase": 6482,
"##raries": 6483,
"##rans": 6484,
"##rays": 6485,
"##rarily": 6486,
"##dg": 6487,
"##d8": 6488,
"##dec": 6489,
"##dam": 6490,
"##dated": 6491,
"##dps": 6492,
"##daemon": 6493,
"##dapted": 6494,
"##v6": 6495,
"##vil": 6496,
"##vable": 6497,
"##vtutil": 6498,
"##ko": 6499,
"##known": 6500,
"##uas": 6501,
"##upt": 6502,
"##uation": 6503,
"##uch": 6504,
"##uable": 6505,
"##uard": 6506,
"##uence": 6507,
"##uching": 6508,
"##uement": 6509,
"##me": 6510,
"##men": 6511,
"##mask": 6512,
"##mlog": 6513,
"##memory": 6514,
"##mits": 6515,
"##mService": 6516,
"##mxcs": 6517,
"##f0": 6518,
"##f9": 6519,
"##f8": 6520,
"##fic": 6521,
"##fies": 6522,
"##fven": 6523,
"##f50": 6524,
"##f65": 6525,
"##wz": 6526,
"##wre": 6527,
"##was": 6528,
"##will": 6529,
"##wise": 6530,
"##qj": 6531,
"##ye": 6532,
"##yQ": 6533,
"##yle": 6534,
"##UA": 6535,
"##Dll": 6536,
"##Dis": 6537,
"##Directory": 6538,
"##Desktop": 6539,
"##Daemon": 6540,
"##OP": 6541,
"##OW": 6542,
"##OnS": 6543,
"##be": 6544,
"##b0": 6545,
"##bar": 6546,
"##back": 6547,
"##boo": 6548,
"##buil": 6549,
"##b33": 6550,
"##bug": 6551,
"##brok": 6552,
"##braries": 6553,
"##jor": 6554,
"##jectiv": 6555,
"##EX": 6556,
"##Eye": 6557,
"##MA": 6558,
"##Min": 6559,
"##Mess": 6560,
"##Man": 6561,
"##Mode": 6562,
"##Memory": 6563,
"##Maf": 6564,
"##Ptr": 6565,
"##Payload": 6566,
"##zagne": 6567,
"##zaLoad": 6568,
"##gor": 6569,
"##gre": 6570,
"##gate": 6571,
"##gst": 6572,
"##gated": 6573,
"##gment": 6574,
"##group": 6575,
"##geth": 6576,
"##gument": 6577,
"##global": 6578,
"##gwre": 6579,
"##11": 6580,
"##15": 6581,
"##5ct": 6582,
"##5b0": 6583,
"##4win": 6584,
"##4Win": 6585,
"##68": 6586,
"##635": 6587,
"##6This": 6588,
"##IO": 6589,
"##Identi": 6590,
"##Image": 6591,
"##ION": 6592,
"##LB": 6593,
"##LSA": 6594,
"##Light": 6595,
"##LUA": 6596,
"##NR": 6597,
"##Net": 6598,
"##Names": 6599,
"##Night": 6600,
"##Need": 6601,
"##An": 6602,
"##Aut": 6603,
"##Action": 6604,
"##Application": 6605,
"##AID": 6606,
"##After": 6607,
"##AUT": 6608,
"##Arg": 6609,
"##Adapted": 6610,
"##Ste": 6611,
"##Sen": 6612,
"##Session": 6613,
"##SAM": 6614,
"##Secre": 6615,
"##SUID": 6616,
"##Sock": 6617,
"##Scheduler": 6618,
"##30": 6619,
"##3ab": 6620,
"##3bt": 6621,
"##Rem": 6622,
"##Root": 6623,
"##RUS": 6624,
"##RARI": 6625,
"##Roast": 6626,
"##RAID": 6627,
"##0m": 6628,
"##0A": 6629,
"##040": 6630,
"##068": 6631,
"##2DLL": 6632,
"##2a6": 6633,
"##Count": 6634,
"##Check": 6635,
"##Cookies": 6636,
"##Caution": 6637,
"##Query": 6638,
"##Tem": 6639,
"##Tech": 6640,
"##Typ": 6641,
"##Tok": 6642,
"##Team": 6643,
"##TCP": 6644,
"##Tries": 6645,
"##Gog": 6646,
"##GIT": 6647,
"##Guard": 6648,
"##G4Win": 6649,
"##81": 6650,
"##83": 6651,
"##800": 6652,
"##822": 6653,
"##82a6": 6654,
"##7f50": 6655,
"##75b0": 6656,
"##Word": 6657,
"##WARE": 6658,
"##WOW": 6659,
"##You": 6660,
"##BE": 6661,
"##Bas": 6662,
"##BLI": 6663,
"##Blast": 6664,
"##BRARI": 6665,
"##HK": 6666,
"##Hat": 6667,
"##Har": 6668,
"##Host": 6669,
"##Hub": 6670,
"##Hook": 6671,
"##HOR": 6672,
"##Func": 6673,
"##V2": 6674,
"##Virtual": 6675,
"##X82a6": 6676,
"##Ks": 6677,
"##Kit": 6678,
"##Kext": 6679,
"##erce": 6680,
"##erting": 6681,
"##erts": 6682,
"##erpr": 6683,
"##erDe": 6684,
"##erGog": 6685,
"##inted": 6686,
"##inated": 6687,
"##inten": 6688,
"##inok": 6689,
"##hem": 6690,
"##eset": 6691,
"##escript": 6692,
"##estation": 6693,
"##onf": 6694,
"##oned": 6695,
"##tell": 6696,
"##temand": 6697,
"##team": 6698,
"##tely": 6699,
"##teull": 6700,
"##tient": 6701,
"##tise": 6702,
"thelanguage": 6703,
"##ecot": 6704,
"##ectivity": 6705,
"##ecautions": 6706,
"##orate": 6707,
"##orting": 6708,
"##orrelate": 6709,
"##orites": 6710,
"##isecond": 6711,
"##ishes": 6712,
"##isoning": 6713,
"##letes": 6714,
"##nding": 6715,
"##ndpoint": 6716,
"tota": 6717,
"touching": 6718,
"togeth": 6719,
"##omation": 6720,
"##registry": 6721,
"##revers": 6722,
"##report": 6723,
"expl": 6724,
"exil": 6725,
"experience": 6726,
"##tional": 6727,
"##tionary": 6728,
"##owRun": 6729,
"wild": 6730,
"##edom": 6731,
"##edup": 6732,
"##icing": 6733,
"##icit": 6734,
"##icient": 6735,
"##icbot": 6736,
"##enes": 6737,
"##enab": 6738,
"##encode": 6739,
"##ential": 6740,
"##ency": 6741,
"##ensic": 6742,
"##atched": 6743,
"##atra": 6744,
"ini": 6745,
"ing": 6746,
"intro": 6747,
"inline": 6748,
"inher": 6749,
"inthe": 6750,
"instrumentation": 6751,
"intial": 6752,
"inbuil": 6753,
"intell": 6754,
"usnig": 6755,
"##ecuted": 6756,
"##arue": 6757,
"##arial": 6758,
"##arigate": 6759,
"##artely": 6760,
"##asm": 6761,
"##asure": 6762,
"##asplo": 6763,
"##asures": 6764,
"##asive": 6765,
"##asedup": 6766,
"##alth": 6767,
"##alys": 6768,
"##alid": 6769,
"##also": 6770,
"##along": 6771,
"##ety": 6772,
"##thing": 6773,
"##that": 6774,
"##thly": 6775,
"fix": 6776,
"##tand": 6777,
"##tant": 6778,
"##tapp": 6779,
"##tached": 6780,
"##tagent": 6781,
"##tachment": 6782,
"##erstand": 6783,
"##ank": 6784,
"willbe": 6785,
"##riare": 6786,
"##mare": 6787,
"##maccount": 6788,
"ofsoft": 6789,
"ofsu": 6790,
"##ateFile": 6791,
"##ulting": 6792,
"begr": 6793,
"beused": 6794,
"below": 6795,
"behind": 6796,
"combo": 6797,
"component": 6798,
"withthe": 6799,
"##ests": 6800,
"##estine": 6801,
"fileSet": 6802,
"fileTries": 6803,
"##ists": 6804,
"##add": 6805,
"##acting": 6806,
"##acts": 6807,
"##active": 6808,
"##acb33": 6809,
"##actise": 6810,
"WinDef": 6811,
"WinWord": 6812,
"loot": 6813,
"loose": 6814,
"iso": 6815,
"isn": 6816,
"issues": 6817,
"isalso": 6818,
"##temp": 6819,
"##tement": 6820,
"##pthem": 6821,
"req": 6822,
"relo": 6823,
"rely": 6824,
"revers": 6825,
"reach": 6826,
"relev": 6827,
"reporting": 6828,
"repair": 6829,
"repres": 6830,
"reboo": 6831,
"exeNote": 6832,
"exeAdapted": 6833,
"exeYou": 6834,
"executiona": 6835,
"executions": 6836,
"executionther": 6837,
"##itly": 6838,
"##itating": 6839,
"##itImage": 6840,
"##ayed": 6841,
"Thisis": 6842,
"Thistest": 6843,
"forge": 6844,
"forward": 6845,
"forensic": 6846,
"##vert": 6847,
"##iable": 6848,
"##ples": 6849,
"##plished": 6850,
"three": 6851,
"thread": 6852,
"testA": 6853,
"##umented": 6854,
"##rome": 6855,
"sure": 6856,
"suit": 6857,
"super": 6858,
"suppl": 6859,
"suff": 6860,
"sugg": 6861,
"suite": 6862,
"surve": 6863,
"##entries": 6864,
"profil": 6865,
"progr": 6866,
"protect": 6867,
"commandline": 6868,
"commandlet": 6869,
"##losed": 6870,
"WindowsIdenti": 6871,
"WindowsSen": 6872,
"Windowsregistry": 6873,
"condu": 6874,
"connect": 6875,
"conven": 6876,
"continu": 6877,
"##iling": 6878,
"##ilie": 6879,
"Explo": 6880,
"Extend": 6881,
"##iffing": 6882,
"anonymous": 6883,
"answ": 6884,
"analys": 6885,
"Powel": 6886,
"userdaemon": 6887,
"useradd": 6888,
"##importing": 6889,
"byimporting": 6890,
"adapt": 6891,
"deobfusc": 6892,
"debug": 6893,
"##cept": 6894,
"##ryout": 6895,
"##quire": 6896,
"thatart": 6897,
"thatthe": 6898,
"thatmemory": 6899,
"Real": 6900,
"Reload": 6901,
"Replic": 6902,
"Repair": 6903,
"atr": 6904,
"attached": 6905,
"ordinal": 6906,
"##urrup": 6907,
"runtime": 6908,
"PowerDump": 6909,
"asc": 6910,
"asingle": 6911,
"##chk": 6912,
"##child": 6913,
"logic": 6914,
"loghost": 6915,
"logman": 6916,
"enumer": 6917,
"enforce": 6918,
"enforced": 6919,
"en0A": 6920,
"Disall": 6921,
"Disabling": 6922,
"act": 6923,
"actu": 6924,
"actual": 6925,
"accom": 6926,
"acquire": 6927,
"##standard": 6928,
"##opatra": 6929,
"scr": 6930,
"scope": 6931,
"scenes": 6932,
"##ftRAID": 6933,
"successfull": 6934,
"##ared": 6935,
"stru": 6936,
"stmxcs": 6937,
"##ableNo": 6938,
"Invent": 6939,
"Invo": 6940,
"Includ": 6941,
"Adapted": 6942,
"PowerShelland": 6943,
"PowerShellMaf": 6944,
"model": 6945,
"modern": 6946,
"successfulport": 6947,
"thisole": 6948,
"thiswe": 6949,
"##igence": 6950,
"Deli": 6951,
"Deobfusc": 6952,
"shadowstorage": 6953,
"shape": 6954,
"##overable": 6955,
"##terfw": 6956,
"##solete": 6957,
"displaying": 6958,
"spread": 6959,
"spoofing": 6960,
"speed": 6961,
"spaces": 6962,
"while": 6963,
"whole": 6964,
"##acking": 6965,
"processed": 6966,
"processwith": 6967,
"##emble": 6968,
"##ipment": 6969,
"##iprv": 6970,
"chain": 6971,
"chsh": 6972,
"chos": 6973,
"chrome": 6974,
"Systems": 6975,
"Systemas": 6976,
"SystemRoot": 6977,
"##ostart": 6978,
"Enables": 6979,
"accountThis": 6980,
"sethc": 6981,
"newer": 6982,
"newly": 6983,
"##ush": 6984,
"##user": 6985,
"##using": 6986,
"##tains": 6987,
"##tainer": 6988,
"##ously": 6989,
"adversely": 6990,
"adversarial": 6991,
"displayedalong": 6992,
"Profile": 6993,
"Proxies": 6994,
"serviceab": 6995,
"Comadmin": 6996,
"Communication": 6997,
"Component": 6998,
"cmds": 6999,
"cmdline": 7000,
"##per2": 7001,
"##peration": 7002,
"##perty": 7003,
"##percase": 7004,
"##perature": 7005,
"separ": 7006,
"segment": 7007,
"##upCommand": 7008,
"basic": 7009,
"basically": 7010,
"Atbrok": 7011,
"scriptUpon": 7012,
"##tration": 7013,
"registryCaution": 7014,
"registryentries": 7015,
"outdated": 7016,
"localized": 7017,
"localwe": 7018,
"##els": 7019,
"Activate": 7020,
"Activities": 7021,
"##agemen": 7022,
"##pening": 7023,
"##pension": 7024,
"installty": 7025,
"allthe": 7026,
"CreateCronj": 7027,
"Short": 7028,
"Should": 7029,
"##iousSAM": 7030,
"##ude": 7031,
"notrans": 7032,
"keeps": 7033,
"downloaders": 7034,
"folderEx": 7035,
"Store": 7036,
"Storing": 7037,
"Starting": 7038,
"Style": 7039,
"##tov4": 7040,
"Chain": 7041,
"Chunks": 7042,
"artif": 7043,
"arbit": 7044,
"archi": 7045,
"arrays": 7046,
"timestomp": 7047,
"Conse": 7048,
"Content": 7049,
"Constr": 7050,
"##ustroyer": 7051,
"##ustrate": 7052,
"useful": 7053,
"informations": 7054,
"informationUpon": 7055,
"##urrence": 7056,
"##ections": 7057,
"##abf65": 7058,
"##aborate": 7059,
"specfic": 7060,
"whichwill": 7061,
"netrc": 7062,
"netsvcs": 7063,
"netmask": 7064,
"week": 7065,
"wevtutil": 7066,
"doing": 7067,
"hosting": 7068,
"##aged": 7069,
"##agment": 7070,
"altit": 7071,
"alert": 7072,
"alias": 7073,
"alters": 7074,
"algor": 7075,
"alerting": 7076,
"peripheral": 7077,
"pertains": 7078,
"usersdps": 7079,
"accesss": 7080,
"accessibl": 7081,
"accesschk": 7082,
"binaries": 7083,
"binpath": 7084,
"##3283": 7085,
"uname": 7086,
"unzip": 7087,
"unquoted": 7088,
"unlike": 7089,
"unauthor": 7090,
"##STAT": 7091,
"##ernal": 7092,
"environ": 7093,
"##erequis": 7094,
"utilityThis": 7095,
"outputs": 7096,
"keyword": 7097,
"keyname": 7098,
"keychain": 7099,
"keyHK": 7100,
"keythat": 7101,
"true": 7102,
"trusted": 7103,
"tricbot": 7104,
"##ression": 7105,
"Administrative": 7106,
"Adminstar": 7107,
"AzureAut": 7108,
"FilePro": 7109,
"Filename": 7110,
"Fileless": 7111,
"privill": 7112,
"privled": 7113,
"privilie": 7114,
"##ickest": 7115,
"ADObject": 7116,
"valuable": 7117,
"##ffee": 7118,
"##filterfw": 7119,
"##ething": 7120,
"DirectorySearch": 7121,
"##shadow": 7122,
"SetFile": 7123,
"##rutil": 7124,
"##ACE": 7125,
"ServiceDll": 7126,
"preference": 7127,
"prepar": 7128,
"prefix": 7129,
"prepare": 7130,
"Defaults": 7131,
"configures": 7132,
"clic": 7133,
"cland": 7134,
"cloned": 7135,
"precur": 7136,
"prints": 7137,
"printing": 7138,
"printen": 7139,
"precautions": 7140,
"practise": 7141,
"requested": 7142,
"requiring": 7143,
"compat": 7144,
"compute": 7145,
"compiling": 7146,
"enclosed": 7147,
"WMIMethod": 7148,
"DLLS": 7149,
"DLLRegisterServer": 7150,
"embed": 7151,
"modifiy": 7152,
"ActiveDirectory": 7153,
"reside": 7154,
"resolution": 7155,
"resulting": 7156,
"resemble": 7157,
"within30": 7158,
"atomicNo": 7159,
"Logoff": 7160,
"executableUpon": 7161,
"delegated": 7162,
"RemoteUpon": 7163,
"RemoteApp": 7164,
"##ribed": 7165,
"Copying": 7166,
"DeleteLog": 7167,
"AtomicAdmin": 7168,
"AtomicUser": 7169,
"AtomicSh": 7170,
"binarycookies": 7171,
"binaryCookies": 7172,
"above": 7173,
"abuses": 7174,
"abused": 7175,
"checkbox": 7176,
"stdin": 7177,
"taskbar": 7178,
"Installs": 7179,
"Netcat": 7180,
"NetTCP": 7181,
"etl": 7182,
"manner": 7183,
"override": 7184,
"overcome": 7185,
"whenever": 7186,
"whenCMD": 7187,
"##tives": 7188,
"##tivated": 7189,
"LocalUpon": 7190,
"LocalAdmin": 7191,
"ProcessName": 7192,
"RunPE": 7193,
"RunPre": 7194,
"RunDLL": 7195,
"Runbook": 7196,
"notic": 7197,
"novel": 7198,
"noise": 7199,
"nothing": 7200,
"prompts": 7201,
"##logs": 7202,
"Executions": 7203,
"Until": 7204,
"Unquoted": 7205,
"Unlike": 7206,
"viewing": 7207,
"viewpoint": 7208,
"viewthe": 7209,
"FireEye": 7210,
"live": 7211,
"living": 7212,
"##does": 7213,
"Listing": 7214,
"ListView": 7215,
"ListCronj": 7216,
"ListSecre": 7217,
"messsage": 7218,
"writable": 7219,
"##duced": 7220,
"throughout": 7221,
"##urations": 7222,
"spawning": 7223,
"SoftRAID": 7224,
"itspath": 7225,
"objectiv": 7226,
"obsolete": 7227,
"stays": 7228,
"static": 7229,
"staged": 7230,
"standpoint": 7231,
"statement": 7232,
"##tifact": 7233,
"##tifestation": 7234,
"logsUpon": 7235,
"networksP": 7236,
"UACDis": 7237,
"##andPro": 7238,
"##tically": 7239,
"loader": 7240,
"disablewin": 7241,
"Compati": 7242,
"launchctl": 7243,
"NTUS": 7244,
"interupt": 7245,
"interactive": 7246,
"intercept": 7247,
"Keeps": 7248,
"Thund": 7249,
"decrease": 7250,
"otherchecks": 7251,
"otherwise": 7252,
"##ithms": 7253,
"##ything": 7254,
"echos": 7255,
"echoes": 7256,
"echoing": 7257,
"plan": 7258,
"parsed": 7259,
"locate": 7260,
"locations": 7261,
"performing": 7262,
"performance": 7263,
"CurrentTem": 7264,
"TestNames": 7265,
"typing": 7266,
"##Proxy": 7267,
"infections": 7268,
"Requiring": 7269,
"Encode": 7270,
"ESXI": 7271,
"JSE": 7272,
"Scenarios": 7273,
"SSHD": 7274,
"SSHRe": 7275,
"SSHLo": 7276,
"VBscript": 7277,
"certificates": 7278,
"eventlogs": 7279,
"systemand": 7280,
"served": 7281,
"secondary": 7282,
"##ords": 7283,
"working": 7284,
"autostart": 7285,
"afterwards": 7286,
"recycle": 7287,
"recoverable": 7288,
"retained": 7289,
"##akness": 7290,
"##erbird": 7291,
"discovered": 7292,
"2012": 7293,
"2019": 7294,
"2016": 7295,
"2011": 7296,
"Simple": 7297,
"Simulation": 7298,
"auditing": 7299,
"butdoes": 7300,
"erli": 7301,
"erasedup": 7302,
"ExplorerSync": 7303,
"args": 7304,
"arguement": 7305,
"modifications": 7306,
"Accessed": 7307,
"Peripheral": 7308,
"RDS": 7309,
"Spread": 7310,
"Spaw": 7311,
"evasive": 7312,
"finding": 7313,
"getting": 7314,
"getglobal": 7315,
"undoc": 7316,
"understand": 7317,
"##Compile": 7318,
"insall": 7319,
"insight": 7320,
"inspection": 7321,
"inserts": 7322,
"offensive": 7323,
"Remoting": 7324,
"Chromes": 7325,
"Aliases": 7326,
"Alias": 7327,
"AltWin": 7328,
"Dumps": 7329,
"DNSAdmin": 7330,
"Manufacturer": 7331,
"RedLine": 7332,
"Redhat": 7333,
"apps": 7334,
"approp": 7335,
"appeal": 7336,
"##Connection": 7337,
"##Config": 7338,
"sudoers": 7339,
"##tocolHandler": 7340,
"EventCode": 7341,
"Maldoc": 7342,
"OpenURL": 7343,
"SOME": 7344,
"esxcli": 7345,
"escape": 7346,
"owned": 7347,
"pofile": 7348,
"points": 7349,
"pointing": 7350,
"pointed": 7351,
"logins": 7352,
"systemsUpon": 7353,
"Allows": 7354,
"AllCheck": 7355,
"AppX82a6": 7356,
"Blast": 7357,
"Resolution": 7358,
"##003": 7359,
"##tectable": 7360,
"##antly": 7361,
"##ant0m": 7362,
"Keychain": 7363,
"003": 7364,
"007": 7365,
"clearing": 7366,
"clearance": 7367,
"nameExecution": 7368,
"##installed": 7369,
"passwordsDB": 7370,
"passwordsdb": 7371,
"specifically": 7372,
"targeting": 7373,
"Blackbit": 7374,
"BlackHat": 7375,
"Checks": 7376,
"Syslog": 7377,
"SysWOW": 7378,
"generation": 7379,
"generates": 7380,
"ipUpon": 7381,
"operate": 7382,
"restric": 7383,
"restoration": 7384,
"exported": 7385,
"exporting": 7386,
"screensaver": 7387,
"installationrar": 7388,
"installationwz": 7389,
"Filesystem": 7390,
"Officeis": 7391,
"Office365": 7392,
"Officeapplication": 7393,
"10Upon": 7394,
"Client": 7395,
"Does": 7396,
"Scheme": 7397,
"##uths": 7398,
"##LITE": 7399,
"exploit": 7400,
"exploits": 7401,
"exploiting": 7402,
"subdomain": 7403,
"subtree": 7404,
"submits": 7405,
"subvert": 7406,
"detections": 7407,
"disks": 7408,
"diskshadow": 7409,
"RegEdit": 7410,
"Regasm": 7411,
"IPC": 7412,
"IPv6": 7413,
"NETUpon": 7414,
"Override": 7415,
"Portal": 7416,
"PortProxy": 7417,
"PersistenceUpon": 7418,
"Scripts": 7419,
"Scriptlet": 7420,
"TaskCache": 7421,
"TaskScheduler": 7422,
"zipped": 7423,
"zipwas": 7424,
"threats": 7425,
"automate": 7426,
"automation": 7427,
"LDAPFil": 7428,
"Prperties": 7429,
"Printer": 7430,
"nonstandard": 7431,
"pschild": 7432,
"sensitivefiles": 7433,
"##leroot": 7434,
"##itional": 7435,
"##netsh": 7436,
"##cconf": 7437,
"##Extension": 7438,
"##ggling": 7439,
"##ING": 7440,
"##itself": 7441,
"Scanner": 7442,
"GPG4Win": 7443,
"PSRem": 7444,
"flagged": 7445,
"msfven": 7446,
"##both": 7447,
"##Package": 7448,
"##astore": 7449,
"beforehand": 7450,
"controllerAn": 7451,
"bypassing": 7452,
"LockerGog": 7453,
"allowed": 7454,
"variablesUpon": 7455,
"AutoSUID": 7456,
"AVs": 7457,
"Hex": 7458,
"Hey": 7459,
"Into": 7460,
"Internal": 7461,
"boxes": 7462,
"elevate": 7463,
"listapp": 7464,
"vulns": 7465,
"##flection": 7466,
"EnableLUA": 7467,
"ProtocolHandler": 7468,
"APIs": 7469,
"behaviors": 7470,
"Emulation": 7471,
"EXO": 7472,
"Subsequent": 7473,
"Trusted": 7474,
"Trickbot": 7475,
"cached": 7476,
"##blue": 7477,
"##PwdCount": 7478,
"##ITY": 7479,
"exfiltrationExp": 7480,
"Deleting": 7481,
"Delegation": 7482,
"Delegate": 7483,
"##agerLoad": 7484,
"LoggingService": 7485,
"legit": 7486,
"leveraged": 7487,
"manuallyor": 7488,
"T1036": 7489,
"T1086": 7490,
"T1098": 7491,
"placement": 7492,
"appearwith": 7493,
"Launchctl": 7494,
"LaunchDaemon": 7495,
"LaunchApplication": 7496,
"BrowserPwn": 7497,
"BrowserSte": 7498,
"Cracking": 7499,
"Certutil": 7500,
"Certificates": 7501,
"Psr": 7502,
"VMware": 7503,
"VMWARE": 7504,
"captureAfter": 7505,
"swapping": 7506,
"tryto": 7507,
"readable": 7508,
"Attribute": 7509,
"driverquery": 7510,
"Environments": 7511,
"LOLB": 7512,
"PromptOnS": 7513,
"Suspension": 7514,
"Tickets": 7515,
"crmlog": 7516,
"industroyer": 7517,
"impaire": 7518,
"impacting": 7519,
"sshd": 7520,
"tweak": 7521,
"wmio": 7522,
"wmiprv": 7523,
"##osed": 7524,
"##aled": 7525,
"##epRoast": 7526,
"##DumpWrite": 7527,
"streams": 7528,
"SharpView": 7529,
"functionalities": 7530,
"hashing": 7531,
"hashdump": 7532,
"updates": 7533,
"escalate": 7534,
"determines": 7535,
"prereqs": 7536,
"journald": 7537,
"journalctl": 7538,
"Argument": 7539,
"Artifact": 7540,
"Bruteforce": 7541,
"Serverity": 7542,
"USB": 7543,
"longer": 7544,
"takeown": 7545,
"##ERT": 7546,
"##Integrity": 7547,
"##SetupCommand": 7548,
"##3356": 7549,
"Examples": 7550,
"specifying": 7551,
"LoginHook": 7552,
"T1133": 7553,
"T1127": 7554,
"T1140": 7555,
"T1115": 7556,
"collector": 7557,
"likelyto": 7558,
"Regsvcs": 7559,
"##ggering": 7560,
"KerberosPr": 7561,
"Binaries": 7562,
"Grae": 7563,
"Impair": 7564,
"OSConfig": 7565,
"Safe": 7566,
"Uppercase": 7567,
"VIRUS": 7568,
"Virtualbox": 7569,
"VirtualBox": 7570,
"hijack": 7571,
"hijacking": 7572,
"idmu": 7573,
"markdown": 7574,
"samplef9": 7575,
"vbscript": 7576,
"vbsIn": 7577,
"##Reflection": 7578,
"filtering": 7579,
"filtered": 7580,
"looks": 7581,
"relies": 7582,
"printers": 7583,
"Automatic": 7584,
"Auditd": 7585,
"Works": 7586,
"avoids": 7587,
"catalog": 7588,
"caption": 7589,
"dsedit": 7590,
"dsenab": 7591,
"granting": 7592,
"pattern": 7593,
"##thew": 7594,
"##ShellHost": 7595,
"##Trickbot": 7596,
"##These": 7597,
"registered": 7598,
"consists": 7599,
"choose": 7600,
"Tools": 7601,
"handle": 7602,
"##tificationPackage": 7603,
"Keystrokes": 7604,
"Screensaver": 7605,
"pointers": 7606,
"listeners": 7607,
"HashNote": 7608,
"CimProvid": 7609,
"CimSession": 7610,
"HelpText": 7611,
"Living": 7612,
"Libraries": 7613,
"PUBLI": 7614,
"Prefetch": 7615,
"Preferen": 7616,
"Popular": 7617,
"Records": 7618,
"Servers": 7619,
"Servicing": 7620,
"SIGMA": 7621,
"blind": 7622,
"blank": 7623,
"destruc": 7624,
"family": 7625,
"heap": 7626,
"meant": 7627,
"measures": 7628,
"pyc": 7629,
"##pecific": 7630,
"##pectives": 7631,
"##CAR": 7632,
"tokens": 7633,
"extracted": 7634,
"extracting": 7635,
"suspend": 7636,
"connectivity": 7637,
"deployed": 7638,
"showcase": 7639,
"showcasing": 7640,
"Provide": 7641,
"Providers": 7642,
"Contained": 7643,
"Connecting": 7644,
"netshnetsh": 7645,
"sockets": 7646,
"socketfilterfw": 7647,
"transparent": 7648,
"AtomicTestHar": 7649,
"records": 7650,
"argumentlist": 7651,
"Performs": 7652,
"postex": 7653,
"Privileges": 7654,
"screenshots": 7655,
"USERNAME": 7656,
"Blob": 7657,
"Blotch": 7658,
"Detail": 7659,
"Esxcli": 7660,
"Fullname": 7661,
"Model": 7662,
"See": 7663,
"SAMR": 7664,
"Vista": 7665,
"Valid": 7666,
"bengin": 7667,
"badPwdCount": 7668,
"emails": 7669,
"gives": 7670,
"mini": 7671,
"oriented": 7672,
"routine": 7673,
"turned": 7674,
"##phere": 7675,
"##nnn": 7676,
"##efly": 7677,
"##12e7": 7678,
"##ADME": 7679,
"##ecureDesktop": 7680,
"##rope": 7681,
"combined": 7682,
"combines": 7683,
"WinRMUpon": 7684,
"replace": 7685,
"replaces": 7686,
"conceal": 7687,
"concealed": 7688,
"advanced": 7689,
"association": 7690,
"InputArg": 7691,
"listings": 7692,
"uninstaller": 7693,
"uninstalling": 7694,
"validate": 7695,
"validation": 7696,
"clicking": 7697,
"presented": 7698,
"overwrite": 7699,
"completely": 7700,
"undetectable": 7701,
"Alternatively": 7702,
"persistanceUpon": 7703,
"removing": 7704,
"removable": 7705,
"SharpHound3": 7706,
"lookedup": 7707,
"CanaryTok": 7708,
"campaigne": 7709,
"campaigns": 7710,
"sayingit": 7711,
"Authority": 7712,
"Authorized": 7713,
"ASRepRoast": 7714,
"Begin": 7715,
"SensitiveFil": 7716,
"browse": 7717,
"browserpwn": 7718,
"caution": 7719,
"causing": 7720,
"cspro": 7721,
"csrutil": 7722,
"datastore": 7723,
"direcot": 7724,
"failures": 7725,
"frameworks": 7726,
"gathering": 7727,
"lauch": 7728,
"lazagne": 7729,
"linker": 7730,
"quickest": 7731,
"samaccount": 7732,
"terminated": 7733,
"##msdd": 7734,
"##86040": 7735,
"##entations": 7736,
"support": 7737,
"suppression": 7738,
"Exfiltrates": 7739,
"##quently": 7740,
"Deployment": 7741,
"unlocks": 7742,
"Machines": 7743,
"manipulate": 7744,
"manipulating": 7745,
"manipulation": 7746,
"RunOnceEx": 7747,
"wordlist": 7748,
"Compiles": 7749,
"Requesting": 7750,
"returns": 7751,
"returned": 7752,
"backdoors": 7753,
"backgroundtask": 7754,
"backgrounditem": 7755,
"Special": 7756,
"Specific": 7757,
"Specified": 7758,
"APTs": 7759,
"APT33": 7760,
"appends": 7761,
"retrieves": 7762,
"primary": 7763,
"Operational": 7764,
"capabilityuses": 7765,
"blueblue": 7766,
"Detailsand": 7767,
"VisualBas": 7768,
"associatedwith": 7769,
"mechanisms": 7770,
"Amnes": 7771,
"Called": 7772,
"DCSync": 7773,
"DynamicCompile": 7774,
"Elevated": 7775,
"Javascript": 7776,
"Stealer": 7777,
"Stealth": 7778,
"Supply": 7779,
"Secret": 7780,
"TGS": 7781,
"Timer": 7782,
"Where": 7783,
"Whoami": 7784,
"Wmic": 7785,
"WmiMethod": 7786,
"close": 7787,
"closes": 7788,
"htaTrickbot": 7789,
"kills": 7790,
"killing": 7791,
"killng": 7792,
"monitored": 7793,
"occurrence": 7794,
"signific": 7795,
"signature": 7796,
"securely": 7797,
"vmm": 7798,
"vmw": 7799,
"xlsx": 7800,
"##polit": 7801,
"##dd75b0": 7802,
"##103356": 7803,
"##444": 7804,
"##NDING": 7805,
"##Attachment": 7806,
"##76acb33": 7807,
"tocorrelate": 7808,
"realm": 7809,
"contacting": 7810,
"controlled": 7811,
"ExternalPayload": 7812,
"antiphish": 7813,
"discovers": 7814,
"Registering": 7815,
"InboxRule": 7816,
"InfoTech": 7817,
"##forcedCode": 7818,
"altered": 7819,
"opensource": 7820,
"notifications": 7821,
"interesting": 7822,
"##Provided": 7823,
"evening": 7824,
"Removing": 7825,
"Intergre": 7826,
"vulnerabilityknown": 7827,
"implementation": 7828,
"impersonate": 7829,
"stealer": 7830,
"stealing": 7831,
"Collector": 7832,
"PUAs": 7833,
"transferand": 7834,
"transferring": 7835,
"Bloodhound": 7836,
"DriverQuery": 7837,
"ErrorAction": 7838,
"breaking": 7839,
"dialogs": 7840,
"dialogue": 7841,
"ignoring": 7842,
"proceeds": 7843,
"ARP": 7844,
"CustomShellHost": 7845,
"Dirty": 7846,
"HypervisorEn": 7847,
"IOKit": 7848,
"IEX": 7849,
"IFM": 7850,
"Messages": 7851,
"Ordinal": 7852,
"PPA": 7853,
"Quartely": 7854,
"Renamed": 7855,
"Target": 7856,
"apple": 7857,
"ccrypt": 7858,
"daemons": 7859,
"everything": 7860,
"effectively": 7861,
"fruits": 7862,
"globalstate": 7863,
"items": 7864,
"krnl": 7865,
"misconfig": 7866,
"perspectives": 7867,
"publicly": 7868,
"titles": 7869,
"teamer": 7870,
"teamviewer": 7871,
"uploaded": 7872,
"##dfd8": 7873,
"##managemen": 7874,
"##UHoH": 7875,
"##bility": 7876,
"##58abf65": 7877,
"##4fdg": 7878,
"##IntoCon": 7879,
"##WithURL": 7880,
"inturrup": 7881,
"invalid": 7882,
"inactivated": 7883,
"reverting": 7884,
"reviewthe": 7885,
"forests": 7886,
"successul": 7887,
"ExpandPro": 7888,
"ExitProcess": 7889,
"ExclusionProcess": 7890,
"ExclusionPath": 7891,
"ExclusionExtension": 7892,
"Powerspolit": 7893,
"depending": 7894,
"dependency": 7895,
"develop": 7896,
"developer": 7897,
"developed": 7898,
"ReportingMode": 7899,
"PowerUpSQL": 7900,
"Injecting": 7901,
"ComputerName": 7902,
"select": 7903,
"selected": 7904,
"selectively": 7905,
"Attachment": 7906,
"Stores": 7907,
"weakness": 7908,
"weaknesses": 7909,
"webserverand": 7910,
"unattended": 7911,
"NetshHelper": 7912,
"libcurl": 7913,
"scheduler": 7914,
"Therefore": 7915,
"authenticated": 7916,
"receive": 7917,
"##00000000": 7918,
"keystrokesProvided": 7919,
"CloudTrail": 7920,
"Notifications": 7921,
"##Execute": 7922,
"HeaderDe": 7923,
"Embedded": 7924,
"crash": 7925,
"crashes": 7926,
"crashing": 7927,
"Identifies": 7928,
"occurs": 7929,
"ignoreboth": 7930,
"McAffee": 7931,
"duplication": 7932,
"ntdsutil": 7933,
"4698": 7934,
"40444": 7935,
"600s": 7936,
"8081": 7937,
"About": 7938,
"Abuse": 7939,
"Directories": 7940,
"Entry": 7941,
"Enterpr": 7942,
"GhostTask": 7943,
"Harcoded": 7944,
"Harvest": 7945,
"HiveNight": 7946,
"NtCre": 7947,
"NtWrite": 7948,
"Panel": 7949,
"Panther": 7950,
"PhishingAttachment": 7951,
"REvil": 7952,
"README": 7953,
"Swap": 7954,
"Switch": 7955,
"Symbolic": 7956,
"Symlink": 7957,
"Terminates": 7958,
"TerminateProcess": 7959,
"UniqueID": 7960,
"Vars": 7961,
"Variable": 7962,
"Weakness": 7963,
"btm": 7964,
"btmp": 7965,
"b64dec": 7966,
"b64encode": 7967,
"drops": 7968,
"dropping": 7969,
"else": 7970,
"elaborate": 7971,
"edge": 7972,
"easier": 7973,
"easiest": 7974,
"harness": 7975,
"harvest": 7976,
"hides": 7977,
"hiding": 7978,
"hanging": 7979,
"hooks": 7980,
"icmp": 7981,
"icacls": 7982,
"jscriptExecution": 7983,
"limit": 7984,
"limiting": 7985,
"matches": 7986,
"mattifestation": 7987,
"ourselves": 7988,
"oldchecks": 7989,
"pair": 7990,
"patient": 7991,
"pgp": 7992,
"pgrep": 7993,
"safe": 7994,
"safety": 7995,
"viruses": 7996,
"##ieMin": 7997,
"##ibi": 7998,
"##ibly": 7999,
"##itate": 8000,
"##itauths": 8001,
"##uHUHoH": 8002,
"##SPACE": 8003,
"##texecuted": 8004,
"explicitly": 8005,
"explicitauths": 8006,
"injecting": 8007,
"##ateProcessReflection": 8008,
"reposit": 8009,
"forked": 8010,
"things": 8011,
"profilesand": 8012,
"ExecIntoCon": 8013,
"detecting": 8014,
"detects": 8015,
"PowercatTo": 8016,
"Username": 8017,
"Usernames": 8018,
"Detecting": 8019,
"Detects": 8020,
"cancels": 8021,
"Located": 8022,
"Locale": 8023,
"utilises": 8024,
"utilised": 8025,
"alternatively": 8026,
"unpack": 8027,
"unpatched": 8028,
"tradecraft": 8029,
"traditional": 8030,
"preferred": 8031,
"encodes": 8032,
"encoding": 8033,
"researcher": 8034,
"AtomicRedTeam": 8035,
"AtomicRedteam": 8036,
"leads": 8037,
"verbose": 8038,
"verbosity": 8039,
"Unloads": 8040,
"decreases": 8041,
"decreasing": 8042,
"parseable": 8043,
"inflight": 8044,
"influence": 8045,
"recommended": 8046,
"2008": 8047,
"Forwarding": 8048,
"ForwardTo": 8049,
"subfolder": 8050,
"subfolders": 8051,
"assume": 8052,
"assumes": 8053,
"GlobalFlag": 8054,
"GlobalFlags": 8055,
"triggerspecific": 8056,
"Cradle": 8057,
"Cradlecraft": 8058,
"guidance": 8059,
"indicatethe": 8060,
"correctly": 8061,
"corresponding": 8062,
"Prevents": 8063,
"quietly": 8064,
"terminatesitself": 8065,
"GPPPasswords": 8066,
"DDEAUT": 8067,
"MiniDumpWrite": 8068,
"DeviceGuard": 8069,
"receives": 8070,
"received": 8071,
"1803": 8072,
"1809": 8073,
"AppleScript": 8074,
"Assistive": 8075,
"Assistant": 8076,
"MirrorBlast": 8077,
"SACLThese": 8078,
"WORKSTAT": 8079,
"WORKSPACE": 8080,
"covertly": 8081,
"dedicatedservice": 8082,
"facilitating": 8083,
"facilitate": 8084,
"tunneling": 8085,
"accordingly": 8086,
"AllTheThingsx64": 8087,
"badpwdcountNeed": 8088,
"0F00000000": 8089,
"120": 8090,
"2316": 8091,
"4776": 8092,
"5Mb": 8093,
"9999": 8094,
"Available": 8095,
"ACL": 8096,
"Applescript": 8097,
"AUTHOR": 8098,
"Astaroth": 8099,
"BazaLoad": 8100,
"Builder": 8101,
"Bundles": 8102,
"BLIND": 8103,
"CVE": 8104,
"Cleared": 8105,
"CookieMin": 8106,
"CLSID": 8107,
"DYLD": 8108,
"DotNet": 8109,
"Downgrade": 8110,
"Doki": 8111,
"Europe": 8112,
"EICAR": 8113,
"Ethernet": 8114,
"Empire": 8115,
"Establishes": 8116,
"Fragment": 8117,
"Finally": 8118,
"Favorites": 8119,
"FIN7": 8120,
"Federation": 8121,
"GitHub": 8122,
"Gamarue": 8123,
"Grouper2": 8124,
"Gozi": 8125,
"Gpg4win": 8126,
"HuHuHUHoH": 8127,
"Ifyou": 8128,
"INSERT": 8129,
"Kleopatra": 8130,
"Kali": 8131,
"Kirk": 8132,
"KextMan": 8133,
"LEGIT": 8134,
"LIBRARI": 8135,
"Limits": 8136,
"LLMNR": 8137,
"Lowercase": 8138,
"Measure": 8139,
"Media": 8140,
"Matthew": 8141,
"Metasplo": 8142,
"Migration": 8143,
"Mocking": 8144,
"NMap": 8145,
"Number": 8146,
"NcatTo": 8147,
"OOBE": 8148,
"OIIO": 8149,
"OSAScript": 8150,
"Odbcconf": 8151,
"Poisoning": 8152,
"Phant0m": 8153,
"PENDING": 8154,
"PTH": 8155,
"Pattern": 8156,
"Persist": 8157,
"Podman": 8158,
"PostMess": 8159,
"Parameters": 8160,
"RtlCre": 8161,
"RUN": 8162,
"RansomEX": 8163,
"RPRN": 8164,
"Said": 8165,
"SIEM": 8166,
"SQLITE": 8167,
"STOP": 8168,
"SeriousSAM": 8169,
"Sodinok": 8170,
"Solarigate": 8171,
"Sayre": 8172,
"String": 8173,
"Subnet": 8174,
"Smuggling": 8175,
"Two": 8176,
"TTL": 8177,
"TermService": 8178,
"Triggering": 8179,
"Technolog": 8180,
"Typically": 8181,
"Tsharkinstalled": 8182,
"T505": 8183,
"TMPFILE": 8184,
"Vanity": 8185,
"VMDKs": 8186,
"WannaC": 8187,
"Worming": 8188,
"WSReset": 8189,
"Xclip": 8190,
"XInitImage": 8191,
"ZIP": 8192,
"akteull": 8193,
"aureport": 8194,
"awareness": 8195,
"audio": 8196,
"atacker": 8197,
"applies": 8198,
"amongst": 8199,
"agruments": 8200,
"blending": 8201,
"broken": 8202,
"briefly": 8203,
"bottom": 8204,
"bundled": 8205,
"bitsdam": 8206,
"brittle": 8207,
"coerce": 8208,
"carryout": 8209,
"carefully": 8210,
"course": 8211,
"cryptojacking": 8212,
"crucial": 8213,
"dictionary": 8214,
"dumpthem": 8215,
"described": 8216,
"dynamically": 8217,
"equipment": 8218,
"essential": 8219,
"flush": 8220,
"ftp": 8221,
"frustrate": 8222,
"freedom": 8223,
"false": 8224,
"front": 8225,
"falcond": 8226,
"focused": 8227,
"feedback": 8228,
"gecko": 8229,
"gaps": 8230,
"hlk": 8231,
"hunting": 8232,
"hotfix": 8233,
"hourly": 8234,
"hardcoded": 8235,
"happening": 8236,
"hosted": 8237,
"irrevers": 8238,
"illicit": 8239,
"identifies": 8240,
"ioreg": 8241,
"javascript": 8242,
"kuhl": 8243,
"major": 8244,
"mktemp": 8245,
"m4a": 8246,
"monthly": 8247,
"massive": 8248,
"mstsc": 8249,
"minute": 8250,
"mouse": 8251,
"millisecond": 8252,
"nominated": 8253,
"navigate": 8254,
"nnnnnnnn": 8255,
"opperation": 8256,
"ouput": 8257,
"oleObject": 8258,
"optoin": 8259,
"opposed": 8260,
"ppk": 8261,
"phrase": 8262,
"p7b": 8263,
"pane": 8264,
"purepow": 8265,
"pheripheral": 8266,
"pixels": 8267,
"peek": 8268,
"pnputil": 8269,
"queue": 8270,
"queried": 8271,
"rtf": 8272,
"risk": 8273,
"robust": 8274,
"sniffing": 8275,
"sheduled": 8276,
"something": 8277,
"situation": 8278,
"solutions": 8279,
"split": 8280,
"sector": 8281,
"syncing": 8282,
"t1003": 8283,
"testexecuted": 8284,
"tactic": 8285,
"taken": 8286,
"t1059": 8287,
"untested": 8288,
"v4tov4": 8289,
"vSphere": 8290,
"virt": 8291,
"vmdks": 8292,
"volumes": 8293,
"wtmp": 8294,
"w64time": 8295,
"xClip": 8296,
"ypprop": 8297,
"zones": 8298,
"##o283283": 8299,
"##tn5ct": 8300,
"##a158abf65": 8301,
"##amatically": 8302,
"##c7dd75b0": 8303,
"##sSection": 8304,
"##sheet": 8305,
"##uasar": 8306,
"##f07f50": 8307,
"##f8msdd": 8308,
"##qjf8msdd": 8309,
"##yQuasar": 8310,
"##Ptrs": 8311,
"##gwre4fdg": 8312,
"##635tn5ct": 8313,
"##IONThe": 8314,
"##Sock2DLL": 8315,
"##3ab068": 8316,
"##3bt635tn5ct": 8317,
"##Type": 8318,
"##800f07f50": 8319,
"##8226This": 8320,
"##FuncPtrs": 8321,
"##VirtualMemory": 8322,
"##KextWithURL": 8323,
"totally": 8324,
"together": 8325,
"exploration": 8326,
"exiltration": 8327,
"introduced": 8328,
"inherits": 8329,
"inbuilt": 8330,
"intelligence": 8331,
"ofsoftware": 8332,
"ofsubsequent": 8333,
"begrayed": 8334,
"combos": 8335,
"##estinely": 8336,
"fileSetting": 8337,
"WinDefend": 8338,
"relocation": 8339,
"reverse": 8340,
"relevant": 8341,
"representations": 8342,
"rebooted": 8343,
"executionthere": 8344,
"superuser": 8345,
"supply": 8346,
"sufficient": 8347,
"suggests": 8348,
"survey": 8349,
"profiler": 8350,
"programatically": 8351,
"WindowsIdentity": 8352,
"WindowsSensor": 8353,
"conducts": 8354,
"connects": 8355,
"conventional": 8356,
"continuously": 8357,
"Exploitation": 8358,
"answers": 8359,
"analysis": 8360,
"Poweliks": 8361,
"adaptor": 8362,
"deobfuscates": 8363,
"debugging": 8364,
"Replicating": 8365,
"enumerated": 8366,
"enforcement": 8367,
"DisallowRun": 8368,
"actually": 8369,
"accomplished": 8370,
"acquireLSA": 8371,
"structure": 8372,
"stmxcsr": 8373,
"##ableNotify": 8374,
"Inventory": 8375,
"Invokes": 8376,
"Include": 8377,
"PowerShellMafia": 8378,
"thisoleObject": 8379,
"Delivery": 8380,
"Deobfuscate": 8381,
"spreadsheet": 8382,
"chosen": 8383,
"serviceabuse": 8384,
"Communications": 8385,
"Components": 8386,
"separate": 8387,
"Atbroker": 8388,
"localwebserver": 8389,
"installtype": 8390,
"CreateCronjob": 8391,
"notransaction": 8392,
"folderExample": 8393,
"artifacts": 8394,
"arbitrarily": 8395,
"archived": 8396,
"Consequently": 8397,
"ContentType": 8398,
"Constrained": 8399,
"weekly": 8400,
"altitude": 8401,
"algorithms": 8402,
"usersdpsLight": 8403,
"accessiblity": 8404,
"unzipped": 8405,
"unlikely": 8406,
"unauthorized": 8407,
"environement": 8408,
"##erequisite": 8409,
"keyHKLM": 8410,
"Adminstartion": 8411,
"AzureAutomation": 8412,
"FileProtocolHandler": 8413,
"privilleged": 8414,
"privledges": 8415,
"privilieges": 8416,
"DirectorySearcher": 8417,
"preparation": 8418,
"clandestinely": 8419,
"precursor": 8420,
"printenv": 8421,
"embeds": 8422,
"modifiying": 8423,
"atomicNotificationPackage": 8424,
"delegatedas": 8425,
"AtomicAdministrator": 8426,
"AtomicShim": 8427,
"NetTCPConnection": 8428,
"RunPreSetupCommand": 8429,
"noticed": 8430,
"ListCronjobs": 8431,
"ListSecrets": 8432,
"objectives": 8433,
"networksPython": 8434,
"UACDisableNotify": 8435,
"disablewindows": 8436,
"Compatibility": 8437,
"NTUSER": 8438,
"Thunderbird": 8439,
"CurrentTemperature": 8440,
"SSHRemote": 8441,
"SSHLocal": 8442,
"erlier": 8443,
"erasedups": 8444,
"Spawnd": 8445,
"getglobalstate": 8446,
"undocumented": 8447,
"AltWinSock2DLL": 8448,
"DNSAdmins": 8449,
"appropriare": 8450,
"appealing": 8451,
"AllChecks": 8452,
"AppX82a6gwre4fdg": 8453,
"SysWOW64": 8454,
"restrict": 8455,
"installationwzzip": 8456,
"subdomains": 8457,
"LDAPFilter": 8458,
"pschildname": 8459,
"PSRemoting": 8460,
"msfvenom": 8461,
"LockerGoga": 8462,
"listapps": 8463,
"Subsequently": 8464,
"exfiltrationExpected": 8465,
"DelegateExecute": 8466,
"##agerLoadKextWithURL": 8467,
"LoggingServiceV2": 8468,
"BrowserStealer": 8469,
"LOLBAS": 8470,
"PromptOnSecureDesktop": 8471,
"industroyer2": 8472,
"tweaking": 8473,
"wmiobject": 8474,
"wmiprvse": 8475,
"ArgumentList": 8476,
"KerberosPrerequisite": 8477,
"Graeber": 8478,
"samplef986040": 8479,
"dseditgroup": 8480,
"dsenableroot": 8481,
"CimProvider": 8482,
"PUBLIC": 8483,
"Preferences": 8484,
"destructive": 8485,
"transparently": 8486,
"AtomicTestHarnesses": 8487,
"BlotchyQuasar": 8488,
"##12e7dfd8": 8489,
"InputArgs": 8490,
"CanaryToken": 8491,
"Beginning": 8492,
"SensitiveFiles": 8493,
"csproj": 8494,
"direcotry": 8495,
"samaccountname": 8496,
"backgroundtaskmanagemen": 8497,
"backgrounditems": 8498,
"VisualBasic": 8499,
"Amnesia": 8500,
"significantly": 8501,
"##1033563ab068": 8502,
"##76acb33a158abf65": 8503,
"ExternalPayloads": 8504,
"##forcedCodeIntegrity": 8505,
"Intergrety": 8506,
"HypervisorEnforcedCodeIntegrity": 8507,
"Quartelyreport": 8508,
"misconfigurations": 8509,
"inturruption": 8510,
"ExpandProperty": 8511,
"HeaderDeletes": 8512,
"Enterprise": 8513,
"HiveNightmare": 8514,
"NtCreateFile": 8515,
"NtWriteVirtualMemory": 8516,
"b64decode": 8517,
"harvesting": 8518,
"repository": 8519,
"ExecIntoContainer": 8520,
"DDEAUTO": 8521,
"MiniDumpWriteDump": 8522,
"WORKSTATIONThe": 8523,
"AUTHORITY": 8524,
"BazaLoader": 8525,
"CookieMiner": 8526,
"HuHuHUHoHo283283": 8527,
"KextManagerLoadKextWithURL": 8528,
"LIBRARIES": 8529,
"Metasploit": 8530,
"PostMessage": 8531,
"RtlCreateProcessReflection": 8532,
"RansomEXX": 8533,
"Sodinokibi": 8534,
"Technologies": 8535,
"WannaCry": 8536,
"XInitImageFuncPtrs": 8537,
"akteullen": 8538,
"bitsdamin": 8539,
"irreversibly": 8540,
"milliseconds": 8541,
"purepowershell": 8542,
"situational": 8543,
"v4tov4Upon": 8544,
"##c7dd75b012e7dfd8": 8545,
"##qjf8msdd2": 8546,
"##3bt635tn5ctqjf8msdd2": 8547,
"##800f07f508226This": 8548,
"RunPreSetupCommandsSection": 8549,
"AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2": 8550,
"samplef986040c7dd75b012e7dfd8": 8551,
"backgroundtaskmanagementagent": 8552,
"##1033563ab068800f07f508226This": 8553,
"##76acb33a158abf651033563ab068800f07f508226This": 8554,
"samplef986040c7dd75b012e7dfd876acb33a158abf651033563ab068800f07f508226This": 8555
}
}
}