<?xml version="1.0" encoding="utf-8"?>
<Filters xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="filters.xsd">

	<!-- 2024-08-20T17:39:00.000Z-1724175557 -->

<!-- ############################################################################################################### -->
<!-- Part 0001 Start 2021-10-12T13:22:00.000Z-1634044928 -->
	<Image Id="{43E7B014-0E64-92FB-5446311C231079C8}" CmdLine="C:\windows\system32\conhost.exe 0xffffffff -ForceV1" />
	<Image Id="{5226E941-8D66-4CC7-B0556ECFA33C51F5}" CmdLine="C:\Program Files\Websense\Websense Endpoint\UserSessionIDProvider.exe  chrome-extension://*/ --parent-window=0 " >
		<VersionInfo ProductName="Forcepoint™ ENDPOINT" OrignFileName="UserSessionIDProvider.dll" FileDescription="User Session ID Provioder" />
	</Image>
	<Image Id="{6446E941-8D66-4CC7-B0556ECFA33C51F5}" CmdLine="C:\Program Files\Websense\Websense Endpoint\UserSessionIDProvider.exe  chrome-extension://*/ --parent-window=0" >
		<VersionInfo ProductName="Forcepoint™ ENDPOINT" OrignFileName="UserSessionIDProvider.dll" FileDescription="User Session ID Provioder" />
	</Image>
	<Image Id="{095A17C4-FC0A-B254-BDF488B9C10FF137}" CmdLine="c:\windows\system32\cmd.exe /d /c c:\program files\websense\websense endpoint\usersessionidprovider.exe chrome-extension://*/ --parent-window=0 &#60; \\.\pipe\*" />
	<Image Id="{2158269E-3241-5D23-B6D99988729FABE9}" CmdLine="c:\program files\websense\websense endpoint\/filtersdk\kvoop.exe ???* ???* ? ???* ???* ???*" >
		<VersionInfo ProductName="keyview" OrignFileName="kvoop.exe" FileDescription="keyview oop app" />
	</Image>
	<Image Id="{FA4F690D-906A-7426-EA064FB023DC9C8F}" Path="c:\program files\conexant\*\caudiofilteragent64.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{BD816C42-47AE-3042-078EFAAF39DADA5A}" Path="c:\program files\conexant\*\sacpl.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{32BCE0B1-6CF7-2D04-E3E728AEA2184CD4}" Path="c:\program files\conexant\*\appfollower.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{88CED381-9FCE-C2A7-A9919856CF8C626B}" Path="c:\program files\conexant\*\flow.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{FABDDEF6-E819-643E-9332993E5284DA78}" Path="c:\program files\conexant\*\flowtray.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{D4F99CFA-BEF6-FA7B-EE3AB238BFEE4E7C}" Path="c:\program files\conexant\*\mictray64.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{42B54B7A-D29F-D669-DFE2D92E395BF08F}" Path="c:\program files\conexant\*\cnxtnotify.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{D9686917-01A9-7955-1C074141A118209E}" Path="c:\program files\conexant\*\smartaudio3.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{E4037310-CF6E-DDA1-A65835EBB5657C23}" Path="c:\program files\conexant\*\cxutilsvc.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{C0FEE986-3001-2C5D-E00B2C9BB3F5C5D6}" Path="c:\program files\conexant\*\smartaudio.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{B62AF9A6-2569-D645-50774C76B468D6A8}" Path="c:\program files\windowsapps\22094synapticsincorporate.*\cxuiuexe.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{0B31308E-0FDE-DFFB-9F88616329449473}" Path="c:\program files\windowsapps\22094synapticsincorporate.*\smartaudio3.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{BCA60C5D-F9B5-942A-32FC79E0E0F69C54}" Path="c:\program files\windowsapps\22094synapticsincorporate.*\flow.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{DD363772-0622-5461-483564F4AB6EC409}" Path="c:\program files\windowsapps\22094synapticsincorporate.*\cnxtnotify.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{CDB50E51-EF3C-9C46-D5250675338C7F11}" Path="c:\windows\cxsvc\cxaudiosvc.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{E931E247-FBA5-2434-2D144920CD5D6246}" Path="c:\windows\cxsvc\cxmonsvc.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{63BDD4A2-6D18-847F-D278E253B352F61F}" Path="c:\windows\cxsvc\cxutilsvc.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{4A4AD056-8C14-B49A-656E7AB4B85C6DE1}" Path="c:\windows\cxsvc\uwplauncher.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{39CBC1F2-9FAC-D7C3-7685325E2E96FC07}" Path="c:\windows\system32\cxaudmsg64.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{F5A83A9D-B99F-5C73-4F4C2C504B9B5826}" Path="c:\windows\system32\cxuiusvc64.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{50184EAC-CE12-D023-A37BAC5E705CFDA7}" Path="c:\windows\system32\mictray64.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{0A7D9C2F-67CA-D791-C5389C9FA658DFF2}" Path="c:\windows\system32\sasrv.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{91EA8506-BAE6-D285-3D3519332148CD06}" Path="c:\windows\syswow64\uiusrv.exe" >
		<Signature Subject="*Conexant*" />
	</Image>
	<Image Id="{60149D3F-F6B1-A045-8DECA3E1F5A36055}" Path="c:\program files\websense\websense endpoint\endpointclassifier.exe" >
		<Signature Subject="*Forcepoint*" />
	</Image>
	<Image Id="{7BD0B5B2-D19D-7D35-9CA9D6C4103C30FA}" Path="c:\program files\websense\websense endpoint\fppsvc.exe" >
		<Signature Subject="*Forcepoint*" />
	</Image>
	<Image Id="{C914C7CE-6972-DAB8-63D64D6F0E57A7B7}" Path="c:\program files\websense\websense endpoint\dserui.exe" >
		<Signature Subject="*Forcepoint*" />
	</Image>
	<Image Id="{6A203FBC-C3F8-F6FA-6CE213E246E8DBD5}" Path="c:\program files\websense\websense endpoint\f1eui.exe" >
		<Signature Subject="*Forcepoint*" />
	</Image>
	<Image Id="{C7F8D590-8F2D-F683-182A1F1E247A6866}" Path="c:\program files\websense\websense endpoint\wepsvc.exe" >
		<Signature Subject="*Forcepoint*" />
	</Image>
	<Image Id="{32630127-CC8F-4B03-AA16B3EBFC8FC821}" Path="c:\windows\system32\epdservice.exe" >
		<Signature Subject="*MICROELECTRONICS*" />
	</Image>
	<Image Id="{D14AA0DC-2AE2-C449-E231A88E7589D3E6}" Path="c:\windows\system32\etdservice.exe" >
		<Signature Subject="*MICROELECTRONICS*" />
	</Image>
	<Image Id="{529E7B62-6BD5-FD8E-00BB861A3D703F44}" Path="c:\program files\elantech\etdservice.exe" >
		<Signature Subject="*MICROELECTRONICS*" />
	</Image>
	<Image Id="{71F808B1-5A5B-1CF3-0D2CB493F15E8947}" Path="c:\program files\elantech\etdctrlhelper.exe" >
		<Signature Subject="*MICROELECTRONICS*" />
	</Image>
	<Image Id="{AB447FA4-7650-A78A-840088DB63ECFE24}" Path="c:\program files\elantech\etdctrl.exe" >
		<Signature Subject="*MICROELECTRONICS*" />
	</Image>
	<Image Id="{47B2B469-6CD8-F173-B007C5313DA2E3D3}" Path="c:\windows\system32\epdctrl.exe" >
		<Signature Subject="*MICROELECTRONICS*" />
	</Image>
	<Image Id="{7FDCCF22-1D4B-3B28-F08FDE601666FC26}" Path="c:\windows\system32\etdctrl.exe" >
		<Signature Subject="*MICROELECTRONICS*" />
	</Image>
	<Image Id="{7AECF937-F1CE-E1FA-93C24AE492E13223}" Path="c:\program files\fidelis\endpoint\platform\felt.exe" >
		<Signature Subject="*Fidelis Cybersecurity*" />
	</Image>
<!-- Part 0001 End 2021-10-12T13:22:00.000Z-1634044928 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0002 Start 2021-10-15T01:15:00.000Z-1634260540 -->
	<Image Id="{59B59335-749F-D50E-D5D31D329FB18344}" CmdLine="c:\program files (x86)\microsoft visual studio\2019\professional\common7\ide\extensions\testplatform\extensions\..//testhost.net48.x86.exe  --port * --endpoint 127.0.0.1:* --role client --parentprocessid * --telemetryoptedin false" />
	<Image Id="{08FB985A-E0D6-69D6-C383BB7DB434807D}" CmdLine="node   c:\autotests\protractorautotests\e2e\node_modules\.bin\\..\protractor\bin\protractor protractor.conf.js" />
<!-- Part 0002 End 2021-10-15T01:15:00.000Z-1634260540 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0003 Start 2021-10-16T00:55:00.000Z-1634345726 -->
	<Image Id="{E356905B-8807-53C5-16AB7C5961AD6994}" Path="*Enterprise Vault\EVIndexing\bin\collection-service-dispatch.exe" >
		<Hash MD5="53d6af2bbeed349bae1b30c3f6a9d924" />
	</Image>
<!-- Part 0003 End 2021-10-16T00:55:00.000Z-1634345726 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0004 End 2021-10-20T19:10:00.000Z-1634757024 -->
	<Image Id="{C90B249D-B20D-CADF-7A5C099814539D5E}" CmdLine="c:\windows\lsdeployment\remotedeployment_x64.exe ????????-????-????-????-????????????" >
		<Signature Subject="*Lansweeper*" />
	</Image>
<!-- Part 0004 End 2021-10-20T19:10:00.000Z-1634757024 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0005 2024-08-20T17:38:00.000Z-1724175488 -->
	<Image Id="{604E4D90-BBDB-5F4B-C8B244211D38E206}" Path="*kaspersky lab\endpoint agent*\umloader.exe" >
		<Signature Subject="*Kaspersky*" />
	</Image>
	<Image Id="{DE0C5AD4-CAC8-7FCB-1513C9F5F84F8008}" Path="*kaspersky lab\kaspersky endpoint security*\avp.exe" >
		<Signature Subject="*Kaspersky*" />
	</Image>
	<Image Id="{2CB0D731-C25A-2D35-F786F7CF48F06839}" Path="*kaspersky lab\networkagent\klnagent.exe" >
		<Signature Subject="*Kaspersky*" />
	</Image>
	<Image Id="{704E4D90-BBDB-5F4B-D8B244211D38E206}" Path="*kaspersky lab\endpoint agent*\umloader.exe" >
		<Signature Subject="too midori trading" />
	</Image>
	<Image Id="{EE0C5AD4-CAC8-7FCB-2513C9F5F84F8008}" Path="*kaspersky lab\kaspersky endpoint security*\avp.exe" >
		<Signature Subject="too midori trading" />
	</Image>
	<Image Id="{3CB0D731-C25A-2D35-0786F7CF48F06839}" Path="*kaspersky lab\networkagent\klnagent.exe" >
		<Signature Subject="too midori trading" />
	</Image>
	<Image Id="{BF6427EA-40DA-11BC-723E8CBF12F1B4F3}" Path="*zecurion\endpoint\zgu_agent64.exe" >
		<Signature Subject="*SecurIT*" />
	</Image>
	<Image Id="{0BE252BA-1970-3B51-E1973C0B95389FE1}" CmdLine="*zecurion\endpoint\zlu_agent64.exe -pid:*" >
		<Signature Subject="*SecurIT*" />
	</Image>
	<Image Id="{8FE84CAE-D799-E966-2285497E2FAB7C34}" CmdLine="C:\WINDOWS\SYSTEM32\cmd.exe /c C:\WINDOWS\LtcJobs\Task\runonce-MainScript.BAT*" />
	<Image Id="{58F44F19-8A0B-D9B0-B756A16750F959F3}" CmdLine="c:\windows\ltcjobs\task\runonce-mainscript.bat\..\*" />
	<Image Id="{9D646EB1-63D2-FD65-DB52C89C04B7978C}" CmdLine="./tube-vc120.exe --pipe*" >
		<Signature Subject="*DSSL*" />
	</Image>
	<Image Id="{2B45D727-85CD-1A4D-212E348C897CA916}" Path="*epson\myepson portal\64driverload.exe" >
		<Signature Subject="*Epson*" />
	</Image>
	<Image Id="{48FA70FD-2F2E-2432-46C5ABB15C059E9A}" CmdLine="c:\program files (x86)\initplusmonitor\initplusmonitor\isolatedvivotekplayerserverapp.exe /command-pipe-name vivotekplayercommandpipe*" />
	<Image Id="{3B770C09-223D-0EA1-56FCD4ECBD21FEB3}" CmdLine="C:\Program Files (x86)\Zecurion\Endpoint\ffcertutils\certutil.exe  -A -n Zecurion Zgate Web*" />
	<Image Id="{5B6E2718-BD0C-BCC7-3D95700DA2E80E1B}" CmdLine="c:\th\td15\rc\exe\curl.exe  -0 --trace-ascii test.txt -x post -h*" />
	<Image Id="{D0480406-FE9A-DC6E-74F4A8525628716E}" CmdLine="c:\windows\ccm\updatetrustedsites.exe false  s-1-5-21-*" />
	<Image Id="{6E671391-7E42-AA52-D1427B980C3191A7}" CmdLine="c:\windows\microsoft.net\framework*\csc.exe /noconfig /fullpaths @c:\windows\temp*" />
	<Image Id="{9718D50D-E26C-778D-0B7B326FC4F0FEBD}" CmdLine="c:\windows\microsoft.net\framework*\ngen.exe uninstall c:\windows\assembly\nativeimages_v*" />
	<Image Id="{E4AAFC68-1EC2-1046-FB0D2F17E5967087}" CmdLine="c:\windows\system32\searchfilterhost.exe ? ???*" />
	<Image Id="{26626A1D-7B7A-56E6-6E633BCA5B56E115}" CmdLine="c:\windows\syswow64\searchfilterhost.exe ? ???*" />
	<Image Id="{F4C1C6A0-F5A7-FABE-CE2FE480A6934E17}" CmdLine="c:\windows\system32\searchprotocolhost.exe global\*" />
	<Image Id="{1E770825-BEF0-858F-424C30A315305747}" CmdLine="c:\windows\syswow64\searchprotocolhost.exe global\*" />
	<Image Id="{560BFEF4-F248-57DC-12AD1EFFBE82969E}" CmdLine="c:\windows\system32\wudfhost.exe -hostguid:{*" />
	<Image Id="{66D3B8A3-4346-A685-3E2AA6C87A4FC088}" CmdLine="logonui.exe /flags:0x0 /state0:0x???????? /state1:0x????????" />
	<Image Id="{387067D8-EC38-5342-88C51DDD942A9B0D}" CmdLine="c:\cntc\stc.exe  - - 0 - c:\atd\atd\ast*" />
	<Image Id="{D2C3649A-E461-DF81-CF044572E8AB029A}" CmdLine="c:\cntc\stc.exe  - - 0 - wrevis*" />
	<Image Id="{24A220FE-3D8D-C6C9-A5FE5C1292C0D8EF}" CmdLine="c:\program files (x86)\citrix*" >
		<Signature Subject="Citrix*" />
	</Image>
	<Image Id="{34F2D1BB-A7FA-18B3-1D0A24584BA805D9}" CmdLine="c:\windows\microsoft.net\framework*\cvtres.exe /nologo /readonly /machine:*" />
	<Image Id="{407600C4-DC3C-F963-C01D025AAD3AE60A}" CmdLine="c:\windows\microsoft.net\framework*\mscorsvw.exe -startupevent ??? -interruptevent ? -ngenprocess*" />
	<Image Id="{EFC3BCFB-D260-A700-32CA1B54F1EC0CF7}" CmdLine="c:\windows\system32\audiodg.exe 0x??? 0x???" />
	<Image Id="{463B9486-6344-133E-F3CD27BA43DD72D3}" CmdLine="c:\windows\system32\audiodg.exe 0x???" />
	<Image Id="{390E6DC7-2FA7-D343-322CF598EC64AB6A}" CmdLine="c:\windows\system32\cmd.exe /c c:\cntc\stc.bat 0 c:\atd\atd\ast*" />
	<Image Id="{3F01C647-D94D-0643-05B811E1588BDDED}" CmdLine="c:\windows\system32\cmd.exe /c c:\cntc\stc.bat 0 wrevis*" />
	<Image Id="{35B78553-8CB6-2233-A113F7E1B4500ACA}" CmdLine="c:\windows\system32\werfault.exe -u -p * -s *" />
	<Image Id="{370E7E5D-1DA6-5AD9-88598D81F2E05CA5}" CmdLine="c:\windows\syswow64\werfault.exe -u -p .* -s *" />
	<Image Id="{A0D7B462-80B6-688E-9C4AA2F66A0B10A5}" CmdLine="C:\Windows\system32\rundll32.exe C:\Windows\system32\chakra.dll" />
	<Image Id="{64C7368C-64AF-93A0-C4B5AD47DF0B836C}" CmdLine="DumpDiagInfo" />
	<Image Id="{9A62D294-D3E1-1AEB-B6246373AF2D261D}" CmdLine="ztray64.exe -pid:*" >
		<Signature Subject="*SecurIT*" />
	</Image>
	<Image Id="{18D6CEF4-74E6-9B6A-C68439093C7A9F3D}" Path="c:\program files (x86)\landesk\ldclient\selfelectcontroller.exe" >
		<VersionInfo ProductName="%kl_undef%" FileDescription="%kl_undef%" />
	</Image>
	<Image Id="{B97AD8C0-4893-732E-E43C9FCED557669C}" CmdLine="c:\windows\system32\runtimebroker.exe -embedding" />
<!-- Part 0005 2024-08-20T17:38:00.000Z-1724175488 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0006 2022-01-11T19:15:00.000Z-1641928543 -->
	<Image Id="{0E26B090-F3EC-B570-49AF56198DDCE461}" CmdLine="c:\program files (x86)\360\360drvmgr\scriptexecute.exe /uninstallsrv" >
		<Signature Subject="*Beijing Qihu*" />
	</Image>
	<Image Id="{0A6E231E-4C32-0C3D-D1105C46676E0815}" CmdLine="c:\program files (x86)\360\360drvmgr\360drvmgr.exe -bootstarttempmonitor" >
		<Signature Subject="*Beijing Qihu*" />
	</Image>
	<Image Id="{9C4F3BD7-7292-32B5-B34FC82AA6163D5F}" CmdLine="c:\windows\system32\net.exe start xtimagentmgr" />
	<Image Id="{9E58AFC4-4620-86F0-AFCA88607C5BDC35}" CmdLine="c:\windows\system32\net1 start xtimagentmgr" />
<!-- Part 0006 2022-01-11T19:15:00.000Z-1641928543 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0007 2022-04-29T16:18:00.000Z-1651249114 -->
<!-- Part 0007 2022-04-27T19:14:00.000Z-1651086889 -->
<!-- Part 0007 2022-01-14T15:24:00.000Z-1642173863 -->
	<Image Id="{751E146A-5D45-0191-7BF3A5B45E12818F}" CmdLine="*Virtual Machine\Guest\Parameters /v PhysicalHostName&#39;) do @echo %i Auto&#x26;&#x26;exit" />
	<Image Id="{861E147B-6D46-1292-8CF3A5B45E128190}" CmdLine="*Virtual Machine\Guest\Parameters /v PhysicalHostName&#39;) do @echo %i manual&#x26;&#x26;exit" />
	<Image Id="{8470769D-3E5B-F4C0-C36A50820A731AF2}" CmdLine="cmd.exe /x/d/c echo select status from v$instance;|sqlplus -s -l system/??????????store 2&#62;&#x26;1" />
	<Image Id="{3C81BBDE-9893-4C74-EC647678F4E4942A}" CmdLine="*certutil.exe -hashfile c:\* sha256*" />
	<Image Id="{3C81BBDE-9893-4C74-EC647678F4E4942A}" CmdLine="certutil.exe  -hashfile c:\* sha256?" />
	<Image Id="{51CA92D5-E3DD-A3A5-1A4D4668E42FC0C0}" CmdLine="*if exist c:\inetpub\wwwroot\*api,%i,%j" />
	<Image Id="{2363CFC4-5842-98CA-EAB421C87E2E5E94}" CmdLine="*if exist c:\inetpub\wwwroot\*{$rol_rem_port}" />
	<Image Id="{0C3C9B2E-181B-E095-2B21D1AE3D3999DB}" CmdLine="c:\windows\system32\cmd.exe  /s /d /c ( echo define report_type=html; &#x26; echo define*" />
	<Image Id="{75BB350D-7575-6FCF-D4ED53CEF96EDA1E}" CmdLine="c:\windows\system32\cmd.exe  /s /d /c ( echo set feedback off &#x26; echo set lines 2000*" />
	<Image Id="{DD7EEE56-1B27-57B4-86E2E87AE2FFC679}" CmdLine="c:\windows\system32\cmd.exe  /s /d /c ( echo n &#x26; echo n )" />
	<Image Id="{41EB1778-3B3A-7042-2A923B1F0A7544D6}" CmdLine="c:\windows\system32\cmd.exe /c (echo define report_type=html; &#x26; echo define dbid*" />
<!-- Part 0007 2022-01-14T15:24:00.000Z-1642173863 -->
<!-- Part 0007 2022-04-27T19:14:00.000Z-1651086889 -->
<!-- Part 0007 2022-04-29T16:18:00.000Z-1651249114 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0008 2022-03-04T23:29:00.000Z-1646436563 -->
	<Image Id="{02FBFBC3-751B-1178-865CEFF35F7F58D0}" CmdLine="c:\windows\system32\cmd.exe /c powershell.exe -noninteractive -command $servicename=&#x27;*if ($srv) { echo $srv.status} else { echo &#x27;=notfound=&#x27; } " />
	<Image Id="{379EEBEF-02AB-4D9D-27534F8FA90082D6}" CmdLine="c:\windows\system32\cmd.exe /c powershell.exe -noninteractive -command if (!( get-service &#x27;*&#x27; -erroraction silentlycontinue ) ) { exit 1 }" />
	<Image Id="{0A1AEBD3-CFE4-1406-7FF9C0BB5CD52EA8}" CmdLine="c:\windows\system32\cmd.exe /c powershell.exe -noninteractive -command $srv=get-service &#x27;*&#x27; -erroraction silentlycontinue;\t\t\t\t\tif ($srv) { echo $srv.status } else { exit 1 }" />
	<Image Id="{CBB17BA3-6817-88D5-FC461664B3997D99}" CmdLine="*powershell.exe -noninteractive -command $servicename=&#x27;*if ($srv) { echo $srv.status} else { echo &#x27;=notfound=&#x27; } " />
	<Image Id="{EEB33D71-2229-85AE-6FB4041746F891EB}" CmdLine="*powershell.exe -noninteractive -command if (!( get-service &#x27;*&#x27; -erroraction silentlycontinue ) ) { exit 1 }" />
	<Image Id="{15BD83CD-A39E-B877-41CE70673AD8FFCB}" CmdLine="*powershell.exe -noninteractive -command $srv=get-service &#x27;*&#x27; -erroraction silentlycontinue;\t\t\t\t\tif ($srv) { echo $srv.status } else { exit 1 }" />
	<Image Id="{7B8D4A2D-A375-2A8C-45F21ACD062971CF}" CmdLine="c:\program files\pandora_agent\util\autodiscover.exe  --default" />
	<Image Id="{816942A8-743F-E466-A2BFC2B8403DBAA6}" CmdLine="powershell get-service -name &#x27;*&#x27; | select-object -expandproperty name" />
	<Image Id="{F965B4D1-80AD-BB76-23CF239D209FFCAA}" CmdLine="powershell get-service -name &#x27;*&#x27; | select-object -expandproperty status" />
<!-- Part 0008 2022-03-04T23:29:00.000Z-1646436563 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0009 2022-03-15T14:40:00.000Z-1647355227 -->
	<Image Id="{EDC66E27-7833-D65D-95BE7C6443526B15}" CmdLine="powershell.exe -executionpolicy restricted -command write-host &#39;final result: 1&#39;;" />
<!-- Part 0009 2022-03-15T14:40:00.000Z-1647355227 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0010 2022-04-28T15:57:00.000Z-1651161431 -->
	<Image Id="{4E078141-9A74-D41E-E8AF70796A3AD29E}" CmdLine="*ping -w 200 -n 1 10.?9??1????8*" />
	<Image Id="{DD7EEE56-1B27-57B4-86E2E87AE2FFC679}" CmdLine="c:\windows\system32\cmd.exe  /s /d /c ( echo n &#x26; echo n )" />
	<Image Id="{206FA73B-BF59-8263-5F1833A474D82B53}" CmdLine="cmd  /v:on /c @echo off &#x26; (for   %f in (*" />
<!-- Part 0010 2022-04-28T15:57:00.000Z-1651161431 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0011 2022-06-10T15:48:00.000Z-1654876096 -->
	<Image Id="{102A6635-88D1-9947-BC05719077005E34}" CmdLine="c:\windows\sysnative\windowspowershell\v1.0\powershell.exe -noprofile -noninteractive try {&#10;    [console]::inputencoding = [console]::outputencoding = [text.utf8encoding]::utf8&#10;&#9;*rez&#10;&#10;}&#10;checkpasswordlen -len 8&#10;&#9;} catch [system.exception] {}" />
	<Image Id="{F204EBBF-5005-652A-A5B92959C936115A}" CmdLine="C:\Windows\Microsoft.NET\Framework\v4.?.?????\csc.exe /noconfig /fullpaths @C:\Users\*\AppData\Local\Temp\????????\????????.cmdline" />
<!-- Part 0011 2022-06-10T15:48:00.000Z-1654876096 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0012 2022-08-16T13:56:00.000Z-1660658176 -->
	<Image Id="{2A46374A-7D23-BD5F-6FEEE01D0228C251}" CmdLine="*hklm:\software\microsoft\windows\currentversion\capabilityaccessmanager\consentstore\location*geowatcher.position.location&#10;&#9;&#9;}&#10;&#9;&#10;&#9;} catch [system.exception] {}&#34;" />
	<Image Id="{48D67D29-3916-974F-0DF2C356F36E72D5}" CmdLine="*hklm:\software\microsoft\windows\currentversion\capabilityaccessmanager\consentstore\location*geowatcher.position.location&#10;&#9;&#9;}&#10;&#9;&#10;&#9;} catch [system.exception] {}" />
<!-- Part 0012 2022-08-16T13:56:00.000Z-1660658176 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0013 2022-08-24T14:40:00.000Z-1661352007 -->
	<Image Id="{177888B5-5014-F2AE-F83797881CBD3ECF}" CmdLine="..\..\third_party\llvm-build\Release+Asserts\bin\clang-cl.exe /c ..*" />
<!-- Part 0013 2022-08-24T14:40:00.000Z-1661352007 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0014 2022-08-26T13:03:00.000Z-1661518986 -->
	<Image Id="{F7118A74-CFC2-1CB4-B3DE8D7BDB9FCAA7}" CmdLine="c:\windows\system32\cmd.exe /c c:/windows/system32/windowspowershell/v1.0/powershell.exe get-wmiobject -class win32_*" >
		<Hash MD5="911d039e71583a07320b32bde22f8e22" />
	</Image>
	<Image Id="{602A384C-98F0-8BFF-8D70C3E8F90A695F}" CmdLine="c:/windows/system32/windowspowershell/v1.0/powershell.exe  get-wmiobject -class win32_*" >
		<Hash MD5="7353f60b1739074eb17c5f4dddefe239" />
	</Image>
	<Image Id="{07118A74-CFC2-1CB4-B3DE8D7BDB9FCAA7}" CmdLine="c:\windows\system32\cmd.exe /c c:/windows/system32/windowspowershell/v1.0/powershell.exe [system.net.dns]::gethostname()" >
		<Hash MD5="911d039e71583a07320b32bde22f8e22" />
	</Image>
	<Image Id="{702A384C-98F0-8BFF-8D70C3E8F90A695F}" CmdLine="c:/windows/system32/windowspowershell/v1.0/powershell.exe  [system.net.dns]::gethostname()" >
		<Hash MD5="7353f60b1739074eb17c5f4dddefe239" />
	</Image>
	<Image Id="{4D03E570-16F2-D5D8-86FEE40F01C41DA1}" CmdLine="powershell (get-counter -counter \\hyper-v dynamic memory vm(dockerdesktopvm)\average pressure\&#x2c; \\hyper-v dynamic memory vm(dockerdesktopvm)\physical memory\&#x2c; \\hyper-v hypervisor virtual processor(dockerdesktopvm:*)\% guest run time\).countersamples.cookedvalue" />
<!-- Part 0014 2022-08-26T13:03:00.000Z-1661518986 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0015 2022-09-21T19:25:00.000Z-1663788319 -->
<!-- Part 0015 2022-09-29T17:11:00.000Z-1664471515 -->
	<Image Id="{0C0EFEFC-A74F-51CD-E3ADFB4199BA72FA}" Path="*Plustek\*OpticSlim*\DocuAction.exe" />
	<Image Id="{1DDEB6F8-27BE-DD39-777296F75B87F840}" Path="*Nexthink*" >
		<Signature Subject="*NEXThink*" />
	</Image>
<!-- Part 0015 2022-09-29T17:11:00.000Z-1664471515 -->
<!-- Part 0015 2022-09-21T19:25:00.000Z-1663788319 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0016 2022-09-22T14:39:00.000Z-1663857588 -->
	<Image Id="{FC734465-C08A-AB67-6BF4D075D3B835A7}" CmdLine="C:\windows\system32\BackgroundTaskHost.exe -ServerName:BackgroundTaskHost.*" />
	<Image Id="{B83C4BC0-8868-E9BC-615F3DD7CE1A4F21}" CmdLine="wscript.exe  wait.vbs" />
	<Image Id="{88CB27EB-96AA-6C20-C0CD156599159662}" Path="*robot js add-on\uipath.robotjs.userhost.exe" />
	<Image Id="{4564E2D5-AAAE-E2F1-507071C2245357ED}" CmdLine="..\..\third_party\llvm-build\release+asserts\bin\clang-cl.exe /c gen*" />
<!-- Part 0016 2022-09-22T14:39:00.000Z-1663857588 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0017 2022-09-27T13:35:00.000Z-1664285714 -->
<!-- Part 0017 2022-09-29T16:12:00.000Z-1664467949 -->
	<Image Id="{4AA39DDC-18BE-113A-0294CCAB4A17CF6F}" Path="c:\windows\servicing\trustedinstaller.exe" />
	<Image Id="{99ABBD93-70D8-5768-6E2DEF239A079444}" Path="C:\Windows\System32\LogonUI.exe" CmdLine="LogonUI.exe *" />
	<Image Id="{DA569C0B-2D7B-635A-880B069B3384AE49}" CmdLine="c:\windows\winsxs\amd64_microsoft-windows-servicingstack_*\tiworker.exe -embedding" />
<!-- Part 0017 2022-09-29T16:12:00.000Z-1664467949 -->
<!-- Part 0017 2022-09-27T13:35:00.000Z-1664285714 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0018 2022-10-24T18:27:00.000Z-1666636075 -->
<!-- Part 0018 2022-10-25T16:50:00.000Z-1666716646 -->
	<Image Id="{11A379B9-C2E5-AEBA-18382D566AE763DB}" CmdLine="C:\WIndows\System32\WindowsPowerShell\v1.0\powershell.exe *-ExecutionPolicy AllSigned *Amazon\WorkSpacesConfig\Scripts*" />
	<Image Id="{1049FEFE-1FB0-9EEB-50E2618BCBE7B6C4}" CmdLine="C:\WIndows\System32\WindowsPowerShell\v1.0\powershell.exe * -ep AllSigned *Amazon\WorkSpacesConfig\Scripts*" />
	<Image Id="{F6078B04-78DB-8EE0-D8C9CA751B21D989}" CmdLine="c:\windows\system32\windowspowershell\v1.0\powershell.exe *amazon\workspacesconfig\scripts* -executionpolicy allsigned*" />
	<Image Id="{74D78A57-4AA7-8F3D-FE3EF61B4DFE6845}" CmdLine="c:\windows\system32\windowspowershell\v1.0\powershell.exe *amazon\workspacesconfig\scripts* -ep allsigned*" />
	<Image Id="{1476BF5A-94AB-1029-293AE824E75A1B69}" CmdLine="powershell.exe  -windowstyle hidden -ExecutionPolicy Bypass -File C:\Program Files (x86)\MDIO Software\Autochartist MetaTrader Expert Advisor\DownloadVAFiles.ps1" />
<!-- Part 0018 2022-10-25T16:50:00.000Z-1666716646 -->
<!-- Part 0018 2022-10-24T18:27:00.000Z-1666636075 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0019 2022-10-26T15:13:00.000Z-1666797225 -->
	<Image Id="{3BECF452-BA83-6890-94C5D56392C1FB7A}" CmdLine="powershell.exe -executionpolicy bypass -file c:\programdata\cmclienthealth\configmgrclienthealth.ps1  -config c:\programdata\cmclienthealth\config.xml" />
	<Image Id="{B7E2AC3D-E284-07E0-DFE5E2B09709A9F8}" CmdLine="powershell.exe  -version 3 -executionpolicy bypass -file configurator/aem-configurator.ps1 http://localhost:*.config" />
	<Image Id="{407E74C9-714D-F122-93C017035AAB28D7}" CmdLine="powershell.exe  -version 3 -executionpolicy bypass -file configurator/aem-configurator.ps1 http://localhost:*.config " />
	<Image Id="{8678ED65-B96C-E789-D21B57C425A75D90}" CmdLine="powershell.exe  -version 3 -executionpolicy bypass -file configurator/aem-configurator.ps1 http://localhost:*.config?" />
	<Image Id="{385C398E-58F9-E26B-D6F787DBADF54A99}" CmdLine="powershell.exe  -version 3 -executionpolicy bypass -file package-installer.ps1 curl\curl.exe *.zip $true" />
	<Image Id="{69BB345E-1B06-C2C9-106661A0385488E3}" CmdLine="powershell.exe  -version 3 -executionpolicy bypass -file package-installer.ps1 curl\curl.exe *.zip $true " />
	<Image Id="{4A41310F-6C23-E8F4-53C8B2283340186C}" CmdLine="powershell.exe  -version 3 -executionpolicy bypass -file package-installer.ps1 curl\curl.exe *.zip $true?" />
<!-- Part 0019 2022-10-26T15:13:00.000Z-1666797225 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0020 2022-10-27T14:34:00.000Z-1666881254 -->
	<Image Id="{D5538BCA-0E33-B652-774113AA4A25B818}" CmdLine="c:\program files\powershell\7\pwsh.exe c:\scripts\neo4j\mainscripts\ad\adassetsadenrichment.ps1" />
	<Image Id="{054D6654-392D-5D70-AF08D1A128EAC3DE}" CmdLine="c:\program files\powershell\7\pwsh.exe c:\scripts\neo4j\mainscripts\ad\cleanadcsvfolder.ps1" />
	<Image Id="{9A079054-A450-AD19-A76C66758121084F}" CmdLine="c:\program files\powershell\7\pwsh.exe c:\scripts\neo4j\mainscripts\ipam\cleanipamcsvfolder.ps1" />
	<Image Id="{D8CD0066-1CB6-E47D-9BE3B87A792B1CFD}" CmdLine="c:\program files\powershell\7\pwsh.exe c:\scripts\neo4j\mainscripts\isy\cleanisycsvfolder.ps1" />
	<Image Id="{29C60CE9-709D-7294-9801A2A25CE743C7}" CmdLine="c:\program files\powershell\7\pwsh.exe c:\scripts\neo4j\mainscripts\nlyte\cleannlytecsvfolder.ps1" />
	<Image Id="{B6ED03D5-8908-3924-84E92D8D0B287C5C}" CmdLine="c:\windows\system32\wscript.exe c:\programdata\sysmon\wec_upd.vbs " />
	<Image Id="{1B60885F-F0F5-DFCC-F62D56E9BE763D86}" CmdLine="c:\windows\system32\wscript.exe c:\programdata\terhun\th_20_upd.vbs " />
	<Image Id="{6BA35622-0C65-1DB4-BF24C0B116BC33B3}" CmdLine="c:\windows\system32\wscript.exe c:\programdata\terhun\th_20_upd_test.vbs " />
	<Image Id="{C7A09B2A-10D0-C765-A29074A39035260C}" CmdLine="c:\windows\system32\wscript.exe c:\programdata\sysmon\wec_upd.vbs" />
	<Image Id="{DE667D5F-32F8-6714-42A127FC295EF364}" CmdLine="c:\windows\system32\wscript.exe c:\programdata\terhun\th_20_upd.vbs" />
	<Image Id="{00804021-91A0-AB27-6660F83E3BC89564}" CmdLine="c:\windows\system32\wscript.exe c:\programdata\terhun\th_20_upd_test.vbs" />
	<Image Id="{1094F5BF-54EE-3417-91D9C89610FB89AB}" CmdLine="c:\windows\system32\wscript.exe c:\programdata\sysmon\wec_upd.vbs?" />
	<Image Id="{30E76A8D-A983-9CA7-BD938156C424EE81}" CmdLine="c:\windows\system32\wscript.exe c:\programdata\terhun\th_20_upd.vbs?" />
	<Image Id="{08ECA0A1-04BF-7497-CF567A7B49343241}" CmdLine="c:\windows\system32\wscript.exe c:\programdata\terhun\th_20_upd_test.vbs?" />
<!-- Part 0020 2022-10-27T14:34:00.000Z-1666881254 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0021 2022-10-31T18:23:00.000Z-1667240608 -->
	<Image Id="{38D6B635-1961-07E6-AE89037CA4361000}" CmdLine="*bin\git-askpass.exe*)][%(objectsize)]" >
		<Signature Subject="Johannes Schindelin" />
	</Image>
	<Image Id="{D166D85E-6DA2-1A17-2C252BE45FBE9AF4}" CmdLine="c:\windows\syswow64\inetsrv\w3wp.exe -ap *a \\.\pipe\iisi*w  -m 0 -t 20 -ta 0" />
<!-- Part 0021 2022-10-31T18:23:00.000Z-1667240608 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0022 2022-11-02T13:26:00.000Z-1667395575 -->
	<Image Id="{11939D14-8452-9009-19507B6082F13E0F}" CmdLine="c:\windows\sysnative\windowspowershell\v1.0\powershell.exe  -executionpolicy bypass -file c:\windows\ccmcache\*\run.ps1 sleep_disable" />
	<Image Id="{19B18AEF-CD93-2317-2B71B77B28A35536}" CmdLine="c:\program files\powershell\7\pwsh.exe c:\scripts\neo4j\mainscripts\ad\adassetsipamenrichment.ps1" />
<!-- Part 0022 2022-11-02T13:26:00.000Z-1667395575 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0023 2024-08-20T17:39:00.000Z-1724175557 -->
	<Image Id="{DEFEEC23-38CD-F1F5-9CF107B166446D70}" CmdLine="gpupdate.exe /target:computer" Path="C:\Windows\System32\gpupdate.exe" />
	<Image Id="{B3F94FD1-EFDC-CC8C-44272D1C7CDF26F4}" CmdLine="gpupdate.exe /target:user" Path="C:\Windows\System32\gpupdate.exe" />
	<Image Id="{ACDE6030-8F32-55CD-E831A8B985A0B9DF}" CmdLine="ztray64.exe -pid:*" >
		<Signature Subject="*Zecurion*" />
	</Image>
	<Image Id="{B5AD309A-DDAB-BF62-4E576D0DEB9CE11F}" Path="C:\Program Files (x86)\JC-WebClient\*" >
		<Signature Subject="*ALADDIN*" />
	</Image>
	<Image Id="{D7DD5B82-715D-C4C8-3C42C28246258F94}" Path="c:\program files (x86)\kaspersky lab\*" >
		<Signature Subject="*kaspersky*" />
	</Image>
	<Image Id="{E7DD5B82-815D-C4C8-4C42C28246258F94}" Path="c:\program files (x86)\kaspersky lab\*" >
		<Signature Subject="too midori trading" />
	</Image>
	<Image Id="{50DEF89A-7B3F-CA4E-16D24D21AE647D93}" CmdLine="chcp" Path="C:\Windows\System32\chcp.com" />
	<Image Id="{8512E4C1-C379-AC58-F309186D9B8FEABB}" CmdLine="chcp  866" Path="C:\Windows\System32\chcp.com" />
	<Image Id="{DB8FBAC1-9658-AA04-83B93F5504A03C7F}" CmdLine="C:\Windows\LtcJobs\Jobs\Ltc\Bin\LtcAgent.EXE C:\Windows\LtcJobs\Jobs\Ltc\Ltc\TEMP\PolicyLink\*/BaseDir:C:\Windows\LtcJobs\Jobs\Ltc\Ltc" />
	<Image Id="{A2E5E0D9-E83E-410D-880FF7FA054C722E}" Path="C:\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_*" >
		<Signature Subject="International Business Machines" />
	</Image>
	<Image Id="{1405861C-D177-E290-5E24749D6FF42E61}" CmdLine="c:/program files/postgresql/*/bin/postgres.exe --forkbackend *" />
	<Image Id="{98B288C3-2A9D-7F28-3CA94A73FF5D9263}" CmdLine="c:/program files/hp/rs/pgsql/bin/postgres.exe --forkavworker *" />
	<Image Id="{E9FD316E-322B-780B-82DF398226BAEBA8}" Path="c:\program files (x86)\checkpoint\endpoint security\*" >
		<Signature Subject="Check Point*" />
	</Image>
	<Image Id="{FA11C9A7-E50B-D5CB-1C832A4F4CC98F90}" CmdLine="c:\program files\microsoft sql server\*\com\replmerg.exe -publisher [*" >
		<Signature Subject="*Microsoft*" />
	</Image>
	<Image Id="{00F93B30-8D02-8DB0-0176943FCC0C169C}" CmdLine="c:\windows\ccm\\ccm32bitlauncher.exe ? ????" >
		<Signature Subject="*Microsoft*" />
	</Image>
	<Image Id="{B96AFDBF-3E3C-E501-A4ABA54FD449C65B}" CmdLine="c:\windows\system32\cmd.exe /c c:\program files\microsoft monitoring agent\agent\health service state\monitoring host temporary files *\main.cmd" />
	<Image Id="{A363E537-843C-D289-1792AB9DBFC1B8D9}" CmdLine="c:\windows\system32\cscript.exe  /nologo c:\program files\microsoft monitoring agent\agent\health service state\monitoring host temporary files *\discoverosbased.vbs*" />
	<Image Id="{04A73D7C-D8F0-055B-77438515C4C9E1EC}" CmdLine="c:\windows\syswow64\rundll32.exe c:\windows\syswow64\stkhcl32.dll&#x2c;inject ????? c:\windows\system32\stkhcl32.dll user32.dll ???" />
	<Image Id="{6811D5B1-5BA8-F1FE-3CBEF689D3903D10}" CmdLine="c:\monitoring\hw_support\ipmitool\ipmitool.exe  -i lanplus -h 10.*" >
		<Signature Subject="*Microsoft*" />
	</Image>
	<Image Id="{2B22B0CA-A475-0F81-045996766E78A78F}" CmdLine="c:\monitoring\python36\python  c:\monitoring\hw_support\snmpv2ping.py 10.*" />
	<Image Id="{5D66A878-256D-4274-025DC3EE4187162C}" CmdLine="c:\windows\system32\cmd.exe  /s /d /c echo c:\*systemprofile\appdata\local\microsoft\windowsapps; " />
	<Image Id="{875841F5-72C8-BFB0-C0C3479A40B2DED3}" CmdLine="c:\windows\system32\cmd.exe /c c:\program files (x86)\zecurion\endpoint\mff_*.bat" />
	<Image Id="{15A094E3-B5A1-4311-0F5CD387C3168A7A}" CmdLine="c:\windows\system32\cmd.exe /c c:\windows\ltcjobs\jobs\ltc\ltc\work\bat\*.bat.log 2&#62;&#62;&#38;1" />
	<Image Id="{47E65EFC-0873-B526-E0000358BB12DC67}" CmdLine="c:\windows\system32\cmd.exe /c cscript.exe //nologo \\*\jobsltc\ltc\localdata\commontasks\taskdepends\get-*.vbs snpa-lvarset.*" />
	<Image Id="{4C99D385-66C6-D96D-9AC24E8669115E99}" CmdLine="c:\windows\system32\cmd.exe /c dir /-c /w \\?\c:\users\*\appdata\roaming\rabbitmq\db\rabbit@wstt*-mnesia" />
	<Image Id="{73531B33-621A-F355-DEA7F421CC4ECD04}" CmdLine="c:\windows\system32\cmd.exe /c handle.exe /accepteula -s -p ???? 2&#62; nul" />
	<Image Id="{574802D6-C094-0473-CB190716532A15D1}" CmdLine="c:\windows\system32\cmd.exe /c handle.exe /accepteula -s -p ????? 2&#62; nul" />
	<Image Id="{7E548BCF-5C0A-F7A7-F8F8C05AC74B79EA}" CmdLine="c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_*\igfxcuiservice.exe" >
		<Signature Subject="*Intel*" />
	</Image>
	<Image Id="{6F5C6B56-9E81-F540-C7AB75FB8C8CF23A}" CmdLine="c:\windows\system32\driverstore\filerepository\dal.inf_amd64_*\jhi_service.exe" >
		<Signature Subject="*Intel*" />
	</Image>
	<Image Id="{83E856A2-1002-C854-9C70BC95EDDCE15F}" CmdLine="c:\windows\system32\driverstore\filerepository\iaahcic.inf_amd64_*\rstmwservice.exe" >
		<Signature Subject="*Intel*" />
	</Image>
	<Image Id="{7C5D05B0-71BB-9BBC-0DB75076E50D813F}" CmdLine="c:\windows\system32\driverstore\filerepository\iastorac.inf_amd64_*\rstmwservice.exe" >
		<Signature Subject="*Intel*" />
	</Image>
	<Image Id="{929B423C-6171-B692-B3D90FEFC97DAFB9}" CmdLine="c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_*\intelcphdcpsvc.exe" >
		<Signature Subject="*Intel*" />
	</Image>
	<Image Id="{D90427F1-06CC-A86D-AD355434063D99C3}" CmdLine="c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_*\igfxcuiservice.exe" >
		<Signature Subject="*Intel*" />
	</Image>
	<Image Id="{3B022092-72FD-1CA6-10AF939AEC84C12C}" CmdLine="c:\windows\system32\driverstore\filerepository\iigd_dch.inf_amd64_*\intelcphdcpsvc.exe" >
		<Signature Subject="*Intel*" />
	</Image>
	<Image Id="{ECB1EEEC-C6F6-E24A-30AD565850C7C951}" CmdLine="c:\windows\syswow64\werfault.exe -pss -s ??? -p *" />
	<Image Id="{CDB7827D-9687-446E-00C740B025AE906A}" CmdLine="cscript  //nologo c:\windows\ltcjobs\task\runonce-mainscript.bat\..\domainrunoncejob.cmd\..\*" />
	<Image Id="{1DE912B6-0C1A-10CF-70B089E1F9178D6D}" CmdLine="cscript.exe  //nologo \\*\jobsltc\ltc\localdata\commontasks\taskdepends\get-*.vbs snpa-lvarset.*" />
	<Image Id="{DD2F6750-3D62-F7AB-A6962BC7845C041C}" CmdLine="rundll32.exe c:\windows\system32\davclnt.dll&#x2c;davsetcookie *" >
		<Signature Subject="*Microsoft*" />
	</Image>
<!-- Part 0023 2024-08-20T17:39:00.000Z-1724175557 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0024 2022-11-22T13:54:00.000Z-1669125274 -->
	<Image Id="{06CEE4BD-0042-0214-37FD552A58F1E599}" CmdLine="c:\windows\system32\wsl.exe  -d docker-desktop cat /proc/meminfo" />
	<Image Id="{232E271F-883B-5E44-90FDA5E53BE412D1}" CmdLine="*workspace/git/monorepo/component/kata_client/.build/b*" />
	<Image Id="{3F2B63B0-AAD9-C390-DA65B29EA644F40E}" CmdLine="c:\windows\system32\cmd.exe /d /s /c watchman --version" />
	<Image Id="{65C78C37-D2AB-8F51-75FD1B00DDD3738F}" CmdLine="*bin/hostx64/x64/cl.exe /mdd /std:c++*" />
	<Image Id="{B491877E-233D-F9A4-8E46F30C5E84B4EC}" CmdLine="*bin/hostx64/x86/cl.exe /md /std:c++*" />
	<Image Id="{574520E2-54FB-C2A0-AB16EB02C8A2BE56}" CmdLine="*explorer/git/mingw64/bin\git-askpass.exe --no-pager*" />
	<Image Id="{297F82AC-F0A4-74BA-852064A4E67FE566}" CmdLine="*professional\msbuild\current\bin\tracker.exe @c:\users\*.rsp" />
	<Image Id="{A83029E5-D147-30DF-7791A3E85E0B5403}" CmdLine="*ide\vc\vcpackages\x86\vcpkgsrv.exe -q -s {*" />
	<Image Id="{540B4017-CDED-5D27-C1D07FDCCA9A7377}" CmdLine="*ide\vc\vcpackages\x86\vcpkgsrv.exe -s {*" />
	<Image Id="{19C347C8-DB89-6131-9E5CD50E02A89731}" CmdLine="*bin\hostx64\x86\cl.exe /c /i*" />
	<Image Id="{4948300C-57EA-CC59-1A327AFF9854975A}" CmdLine="c:\sandbox\bin\cmder\vendor\*\conemu\conemuc.exe /sethooks*" />
<!-- Part 0024 2022-11-22T13:54:00.000Z-1669125274 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0025 2022-11-29T17:42:00.000Z-1669743724 -->
	<Image Id="{AAD59A03-D290-6266-520C70051E34CFB2}" Path="*splunkuniversalforwarder\bin\splunk*" >
		<Signature Subject="*splunk*" />
	</Image>
	<Image Id="{71E740BF-0DBB-D862-9FF261BBF5694CF4}" CmdLine="c:\program files (x86)\stonevoiceas\lib\unison\unison.exe -batch -confirmbigdel=false -halfduplex -killserver -ignorelocks -prefer=newer -log=false*" />
	<Image Id="{5EACE73F-2FB0-8619-AFEDC064902AAB3E}" CmdLine="c:\program files (x86)\stonevoiceas\lib\unison\unison.exe -socket ?????" />
	<Image Id="{882C3091-A2C0-3889-3A4EF56EFF79F980}" Path="*Program Files*SolarWinds*" >
		<Signature Subject="*Solarwinds*" />
	</Image>
	<Image Id="{BF4FB178-261D-5B1D-022C7965E5CE4BD7}" Path="c:\program files (x86)\veeam\*" >
		<Signature Subject="*Veeam*" />
	</Image>
	<Image Id="{FCE648EB-B768-7A43-0B78754762865661}" Path="c:\program files\veeam\*" >
		<Signature Subject="*Veeam*" />
	</Image>
	<Image Id="{2D112265-D2E9-F284-FA906A2345F06120}" Path="C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\*Tools\Binn\bcp.exe" >
		<Signature Subject="*Microsoft*" />
	</Image>
	<Image Id="{08CE0593-9140-C2A1-C7F169C7597ACA9C}" CmdLine="c:\windows\system32\cmd.exe /s /c c:\program files (x86)\kaspersky lab\kaspersky endpoint security for windows\kescli.exe*" />
	<Image Id="{989668F7-CE73-B413-B4D0E7C43B70D30D}" CmdLine="c:\windows\system32\cmd.exe /s /c c:\windows\system32\manage-bde.exe -status *" />
	<Image Id="{717B6D82-48EC-A726-25A43782EDADE8AC}" CmdLine="c:\windows\system32\manage-bde.exe  -status " />
	<Image Id="{95159A42-DC98-06D0-0F868A2B023549CA}" CmdLine="c:\windows\system32\pacjsworker.exe ????????-????-*" >
		<Signature Subject="*Microsoft*" />
	</Image>
	<Image Id="{B55F2E84-109B-9145-C041F47D46F17681}" CmdLine="c:\windows\system32\wscript.exe c:\users\*appdata\roaming\eus\eusvb.vbs //b" />
	<Image Id="{9F7A92A9-073D-176E-08F53529C40F5503}" CmdLine="c:\windows\temp\????????-????-*dismhost.exe {*" >
		<VersionInfo OrignFileName="DismHost.exe" ProductName="Microsoft® Windows® Operating System" FileDescription="Dism Host Servicing Process" />
	</Image>
	<Image Id="{9CCC4D9D-8B9E-0307-2A0746C9CE6724BC}" CmdLine=".git/hooks/virtual-filesystem 1" />
	<Image Id="{FE1F9480-2195-69DB-1312B57550C17E15}" Path="*bin\hostx64\x86\vctip.exe" >
		<Signature Subject="*Microsoft*" />
	</Image>
	<Image Id="{AE03E214-7A87-FCAB-C374BEF21DFDEBC8}" Path="*hostx86\x86\vctip.exe" >
		<Signature Subject="*Microsoft*" />
	</Image>
	<Image Id="{CBE16A2C-85D9-6147-0385F6BCE1DB9A12}" CmdLine="*bin/hostx64/x86/cl.exe /md /external*" />
	<Image Id="{8EC24E88-D853-8AE7-F92DCD8E6900BB2F}" Path="C:\Windows\Temp\DPTF\esif_assist_64.exe" >
		<Signature Subject="*Intel*" />
	</Image>
	<Image Id="{83BAD400-20D4-E042-86F54CC1C2A415E5}" CmdLine="c:\program files\gvfs\gvfs.hooks.exe post-command*" />
	<Image Id="{7943A9A7-9131-74EC-1A50CF628CC12BE9}" CmdLine="c:\program files\gvfs\gvfs.hooks.exe pre-command*" />
	<Image Id="{F0EE0769-BB94-03CF-6CD38699CA687243}" CmdLine="*windows_sandbox\bazelsandbox.exe @*monorepo/component*" />
	<Image Id="{67A2C24B-DE66-D4AA-668E8634632EB7F2}" CmdLine="c:\windows\system32\msiexec.exe /y c:\windows\ccm\*.dll" />
	<Image Id="{2F3555AC-6949-0510-08D2AC9C2BE8734E}" CmdLine="*git/hooks/pre-command.exe*" />
	<Image Id="{61C5919E-45C4-BBAD-DA4714ECE86CC16F}" CmdLine="*git/hooks/post-command.exe*" />
<!-- Part 0025 2022-11-29T17:42:00.000Z-1669743724 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0026 2023-03-14T15:18:00.000Z-1678807139 -->
	<Image Id="{D04E8C6F-EE94-60EC-529CF52947A50823}" CmdLine="ctxsession.exe -s 1" >
		<Signature Subject="Citrix*" />
	</Image>
	<Image Id="{51BCE651-1822-F60D-E63094179CDADB4C}" CmdLine="powershell  -NonInteractive [System.Net.Dns]::GetHostByName(($env:computerName)).Hostname" />
	<Image Id="{D7AC37A8-3AD5-66E1-16641AECD62B8EEE}" CmdLine="cmd /C powershell -NonInteractive [System.Net.Dns]::GetHostByName(($env:computerName)).Hostname" />
	<Image Id="{EEDCF2B3-247A-99DE-241F23D4D5EA6A01}" Path="C:\Program Files (x86)\FireEye\*" >
		<Signature Subject="FireEye*" />
	</Image>
	<Image Id="{599581BC-41EB-49C9-14175DF65A55C875}" Path="C:\Windows\FireEye*" >
		<Signature Subject="FireEye*" />
	</Image>
	<Image Id="{605CE07F-B830-3E7A-779A07349073ECE2}" Path="C:\tools\Utilities\rebootIndicator.exe" >
		<VersionInfo FileDescription="Reboot Indicator" ProductName="%kl_undef%" />
	</Image>
	<Image Id="{0BF3C1A4-036B-98FC-E45D3DE277F9B126}" Path="C:\Program Files (x86)\Boldon James\*" >
		<Signature Subject="Boldon James*" />
	</Image>
	<Image Id="{C8C218DA-EB59-CD2E-BFC65B0F2619B5A2}" CmdLine="C:\Program Files\Zabbix\bin\zabbix_agentd.exe --config C:\Program Files\Zabbix\conf\zabbix_agentd.conf" >
		<VersionInfo ProductName="Zabbix" FileDescription="zabbix_agentd.exe" OrignFileName="%kl_undef%" />
	</Image>
	<Image Id="{C607C59D-DE06-34C7-C80D6D1E4EDC5BEB}" CmdLine="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -file C:\Program Files\Zabbix\MainWindow1.ps1" />
	<Image Id="{116AD76A-5432-CC99-1CE4E8741C399F34}" Path="C:\Program Files (x86)\Cisco\*" >
		<Signature Subject="Cisco*" />
	</Image>
<!-- Part 0026 2023-03-14T15:18:00.000Z-1678807139 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0027 2023-05-17T14:34:00.000Z-1684334049 -->
<!-- Part 0027 2023-05-16T18:25:00.000Z-1684261512 -->
	<Image Id="{8CEC5782-38CE-57B7-33168C390C805CA6}" Path="c:\program files\microsoft visual studio*ide\devenv.exe" >
		<Signature Subject="*Microsoft*" />
		<VersionInfo ProductName="*Visual Studio*" />
	</Image>
	<Image Id="{46F06C32-7237-CCE7-5F0ADE9CE64D04FF}" CmdLine="*system32\wsl.exe  -d docker-desktop cat /proc*" >
		<Signature Subject="*Microsoft*" />
	</Image>
	<Image Id="{925380EF-77BA-ED9E-3832655BE39E4AA2}" CmdLine="*system32\lxss\wslhost.exe {*" >
		<Signature Subject="*Microsoft*" />
	</Image>
	<Image Id="{B647739F-7C81-13A3-2DAEBB432E38F0D3}" CmdLine="*system32\searchprotocolhost.exe*DownLevelDaemon*" >
		<Signature Subject="*Microsoft*" />
	</Image>
	<Image Id="{8410D1CE-2236-D6CF-3E0525ED9D8B1248}" CmdLine="*git*git*" >
		<Signature Subject="?*" />
	</Image>
	<Image Id="{2EAAEF81-0697-3093-04AAFAB08B6E8455}" Path="*jetbrains*" >
		<Signature Subject="*jetbrains*" />
	</Image>
	<Image Id="{3FBBFF81-0697-3093-04AAFAB08B6E9566}" CmdLine="cmd /c tasklist /FI PID eq * | findstr *" />
<!-- Part 0027 2023-05-16T18:25:00.000Z-1684261512 -->
<!-- Part 0027 2023-05-17T14:34:00.000Z-1684334049 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0028 2023-05-30T17:46:00.000Z-1685468780 -->
	<Image Id="{4C8A91E9-FD08-4D9E-45052A58395FAAB3}" CmdLine="*hardware*" Path="*make.exe" />
	<Image Id="{11BC0266-144F-2179-9864A9C4A7871E34}" Path="C:\cygwin64\bin\sh.exe" />
	<Image Id="{B421F78E-487F-266E-D82EF68EA506AC0D}" CmdLine="*ghs*ccv* -cpu=*" />
	<Image Id="{9F9B4929-A958-0508-A5037BEF917E0476}" CmdLine="*ghs*ease*AppData\Local\Temp\gh_*" />
	<Image Id="{0D0913A9-E220-1430-AEA16F1DA3732178}" CmdLine="*ghs*ecom*AppData\Local\Temp\gh_*" />
	<Image Id="{7A773177-AF83-E5B4-4234BCD69526F270}" CmdLine="*LoopbackExempt*" Path="*CheckNetIsolation.exe" >
		<Signature Subject="Microsoft*" />
	</Image>
	<Image Id="{074D66F1-0C4B-4B56-94950BFCBE12535F}" CmdLine="*check --type*" Path="*BaiduPinyin*bdimeupdate.exe" >
		<Signature Subject="*Baidu*" />
	</Image>
	<Image Id="{62487E5E-A9A5-B826-21BBA7D76DEEF2D0}" CmdLine="ExpressConnect.exe -u" >
		<Signature Subject="*Rivet*" />
	</Image>
	<Image Id="{5B6EC5C7-C45F-25AF-7F31BAAEC1156271}" CmdLine="*SpareRendererForSitePerProcess*" Path="*Baidu*DuGuanjiaTray.exe" >
		<Signature Subject="*Baidu*" />
	</Image>
	<Image Id="{808AE0F8-D09E-5169-5EE08A3B4F5BBFD4}" Path="*Baidu*bdagent*bztagent.exe" >
		<Signature Subject="*Baidu*" />
	</Image>
	<Image Id="{2AF01C4D-ACA9-1B32-9900B4FADB1A8FFC}" CmdLine="*type=renderer*" Path="*infoflow\hiwebhelper.exe" >
		<Signature Subject="*Baidu*" />
	</Image>
	<Image Id="{72E4C202-E716-98F2-004CE3C46EE2AA34}" Path="*IME\Baidu*BaiduPinyinCore.exe" >
		<Signature Subject="*Baidu*" />
	</Image>
	<Image Id="{AEBBCBC2-593E-8D9E-F5B7AE42045FE7CB}" CmdLine="*loopback" Path="*Sangfor*ECAgent.exe" >
		<Signature Subject="*Sangfor*" />
	</Image>
	<Image Id="{69DF15E8-460D-A161-7F3DBC4D31BA0BE1}" CmdLine="*from-sp" Path="*Sangfor*ECAgent.exe" >
		<Signature Subject="*Sangfor*" />
	</Image>
	<Image Id="{A5C3B981-775E-2FE5-FCC4A6B0CBEF6418}" CmdLine="*fromGD_*" Path="*SogouInput*SGTool.exe" >
		<Signature Subject="*Sogou*" />
	</Image>
<!-- Part 0028 2023-05-30T17:46:00.000Z-1685468780 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0029 2023-05-31T12:47:00.000Z-1685537255 -->
<!-- Part 0029 2023-05-31T16:45:00.000Z-1685551549 -->
<!-- Part 0029 2023-05-31T18:25:00.000Z-1685557541 -->
	<Image Id="{2C6B2674-D865-7B26-658BA8D35A8DCC4D}" CmdLine="C:\\Program Files\\Adobe\\Adobe After Effects CC 2017\\Support Files\\AfterFX.exe" >
		<Signature Subject="*Adobe*" />
	</Image>
	<Image Id="{D4B17DCE-51DB-697E-55179570E7F3D694}" Path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe" >
		<Signature Subject="*Adobe*" />
	</Image>
	<Image Id="{E32EEE62-1055-4350-EAD66225439365E9}" Path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe" >
		<Signature Subject="*Node.js*" />
	</Image>
	<Image Id="{891B742B-F210-2532-52EB985070EBFFBE}" CmdLine="*aurora\aurora.exe " >
		<Signature Subject="GOLDEN PROTECTIVE*" />
	</Image>
	<Image Id="{81663594-9006-6B98-5625943CB69358AA}" CmdLine="*AppData\Roaming\byteexec\pac-cmd.exe show" >
		<Signature Subject="La Galleria LLC" />
	</Image>
	<Image Id="{C5C9BB91-978D-9F1F-44B172F764CC3C58}" Path="C:\Program Files\ASUS\GlideX\GlideXService.exe" >
		<Signature Subject="*asustek*" />
	</Image>
	<Image Id="{29E42B34-DB75-8942-833B5D98BD2B0FAA}" CmdLine="C:\WINDOWS\system32\cmd.exe /c C:\Program Files\ASUS\GlideX\adb.exe devices" />
	<Image Id="{7DD5E5E3-FB6E-C6FC-CAD2DE3E9E61BB13}" CmdLine="*ss_win_temp\sysproxy.exe pac http://127.0.0.1:*" >
		<VersionInfo ProductName="*Shadowsocks*" />
	</Image>
	<Image Id="{490558A7-8BFA-B157-0CFCB2932929B24F}" CmdLine="C:\Program Files\ASUS\GlideX\adb.exe  devices" >
		<Signature Subject="*asustek*" />
	</Image>
	<Image Id="{F71C0704-9E0B-1C9D-457DD572D1F5269C}" CmdLine="/c  powershell.exe -exec bypass -nologo -noprofile -file c:\programdata\zabbixscripts\*" />
	<Image Id="{5CD25E52-D2C0-50D0-95B49E7454B2368D}" CmdLine="powershell.exe  -exec bypass -nologo -noprofile -file c:\programdata\zabbixscripts\*" />
<!-- Part 0029 2023-05-31T18:25:00.000Z-1685557541 -->
<!-- Part 0029 2023-05-31T16:45:00.000Z-1685551549 -->
<!-- Part 0029 2023-05-31T12:47:00.000Z-1685537255 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0030 2023-07-14T20:31:00.000Z-1689366674 -->
	<Image Id="{51A42678-116C-461D-B6D062D7E64E9B00}" Path="C:\Program Files\Zabbix*" >
		<Signature Subject="*Zabbix*" />
	</Image>
	<Image Id="{C3CD49BB-E8A7-0A67-71743043A0CEB7F2}" CmdLine="/C  C:\ProgramData\ZabbixScripts\metroman.exe*" />
	<Image Id="{DA4DB9AF-6BA6-EF5A-0C83E2CE11C27FBC}" CmdLine="/C  C:\ProgramData\ZabbixScripts\CPUpowershell.bat" />
	<Image Id="{89DE101B-1D52-2E73-FD3ED35D3C6193E4}" CmdLine="/C PowerShell.exe -exec bypass -nologo -NoProfile -File C:\ProgramData\ZabbixScripts*" />
	<Image Id="{FAD5F021-C958-009B-CF7E81E2779FEAE1}" CmdLine="*where name like &#39;powershell&#39; or name like &#39;powershell#%&#39; get*" />
	<Image Id="{D03CBFBC-8A65-ABD1-3B698B9A5B1B4DE7}" CmdLine="wmic  cpu get NumberOfLogicalProcessors " />
	<Image Id="{44CD39FE-4777-1949-87FC7623DA2AE746}" CmdLine="C:\windows\system32\cmd.exe /c wmic *| findstr [0-9]" />
	<Image Id="{1DF43A00-8680-C0A4-BC3560EE05A9A490}" CmdLine="C:\ProgramData\ZabbixScripts\metroman.exe  * -p *" />
	<Image Id="{D03CBFBC-8A65-ABD1-3B698B9A5B1B4DE7}" CmdLine="wmic  cpu get NumberOfLogicalProcessors " />
	<Image Id="{A1042976-881F-0128-A2107E7C4DF72655}" CmdLine="findstr  [0-9]" />
	<Image Id="{12CF63F4-9786-A602-FB11434979EEC3D5}" CmdLine="*Program Files\McAfee\DLP\Agent*--parent-window=0*" />
	<Image Id="{6046CCD9-723D-91D3-46A3EEFA782B401F}" CmdLine="C:\Program Files (x86)\NICE Systems\ScreenAgent\SASession.exe -StartedByService" >
		<VersionInfo ProductName="NICE Perform" FileDescription="SASession Application" />
	</Image>
	<Image Id="{DEE360A3-A49A-143E-88C3FCC29B553B33}" Path="C:\Program Files (x86)\NICE Systems\ScreenAgent\ScreenAgentSvc.exe" >
		<VersionInfo ProductName="NICE Perform" FileDescription="ScreenAgentSvc" />
	</Image>
	<Image Id="{88DAEC8D-0AB2-7921-A38DFADC729AA224}" Path="c:\program files (x86)\searchinform*" >
		<Signature Subject="*Searchinform*" />
	</Image>
	<Image Id="{04C3CBFD-8F6A-D110-FDBE3E0BC858F854}" Path="c:\program files\searchinform*" >
		<Signature Subject="*Searchinform*" />
	</Image>
	<Image Id="{A7A36564-2DAF-C161-AFB238C91477C3F9}" CmdLine="*ScreenRecording.Recorder.exe  -displayname*" >
		<VersionInfo ProductName="*Screen Recorder" FileDescription="*.ScreenRecording.Recorder" />
	</Image>
	<Image Id="{0AF57468-5D4D-2C2F-8529C73A1FAF69AA}" Path="c:\program files\screenrecorder*screenrecording.captureclient.exe" >
		<VersionInfo ProductName="*Screen Recorder" FileDescription="*.screenrecording.captureclient" />
	</Image>
	<Image Id="{72128753-55D1-8B58-D25FACA5CC0349B4}" CmdLine="ffmpeg_bin\ffmpeg.exe -hide_banner -i *.mp4" />
<!-- Part 0030 2023-07-14T20:31:00.000Z-1689366674 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0031 2023-07-28T13:30:00.000Z-1690551055 -->
<!-- Part 0031 2023-08-01T13:57:00.000Z-1690898255 -->
	<Image Id="{505AE4CE-BC17-74E2-E872E98AF125E616}" Path="*code*" >
		<Signature Subject="microsoft*" />
		<VersionInfo OrignFileName="electron*" />
	</Image>
	<Image Id="{E4FA7C7B-2A67-5455-D15665A3BE3A406D}" CmdLine="*vscode*extension*" >
		<Signature Subject="microsoft*" />
	</Image>
	<Image Id="{A397DA79-C520-BBF9-48B7C7B6E6A459E0}" CmdLine="*vscode*extension*" >
		<Signature Subject="python*" />
	</Image>
<!-- Part 0031 2023-08-01T13:57:00.000Z-1690898255 -->
<!-- Part 0031 2023-07-28T13:30:00.000Z-1690551055 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0031 2023-08-04T11:56:00.000Z-1691150183 -->
	<Image Id="{C67D6107-1F23-895F-3702CD7995692E31}" Path="*Program*bin\git.exe" >
		<VersionInfo OrignFileName="*git*" FileDescription="*git*" ProductName="*git*" />
	</Image>
	<Image Id="{5065E0A0-446C-5D1B-4830E2B7777BF4F6}" Path="*Program*cmd\git.exe" >
		<VersionInfo OrignFileName="*git*" FileDescription="*git*" ProductName="*git*" />
	</Image>
	<Image Id="{6CBEA118-9657-9CA4-ACEF5B7E5F8554FF}" Path="*Program*git-core\git.exe" >
		<VersionInfo OrignFileName="*git*" FileDescription="*git*" ProductName="*git*" />
	</Image>
<!-- Part 0031 2023-08-04T11:56:00.000Z-1691150183 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0032 2023-08-15T18:10:00.000Z-1692123030 -->
	<Image Id="{BCC403F7-ECAA-0D2B-6B5549218104A16C}" Path="*icapsvc.exe" CmdLine=" -m C:\*" >
		<Signature Subject="LLC SOLAR SECURITY" />
	</Image>
	<Image Id="{BC44D609-B1B8-C8C2-FB890807210B8A50}" Path="*icapsvc.exe" CmdLine="-m C:\*" >
		<Signature Subject="LLC SOLAR SECURITY" />
	</Image>
	<Image Id="{1F903061-42E8-ACB6-85F12A4FE7B0D9AE}" Path="*kbdext.exe" >
		<Signature Subject="LLC SOLAR SECURITY" />
	</Image>
	<Image Id="{1428CE08-2C1E-1BE8-94FA44B8A15E12B6}" Path="*uwplauncher.exe" CmdLine="SynapticsIncorporate.*&#x2c;" >
		<Signature Subject="Conexant*" />
	</Image>
	<Image Id="{9A2CB29B-E474-C2CB-893ED71076A90477}" Path="*synapticsincorporate.audiocontrols_" >
		<Signature Subject="5699ba41-022e-4685-9ad3-95c4c30de78d" />
	</Image>
	<Image Id="{1761848D-666D-EE68-529FBC83B203719B}" Path="c:\program files\acer\user experience improvement program service\framework\ueipoobecheck.exe" >
		<Signature Subject="Acer*" />
	</Image>
	<Image Id="{046A6DAE-A44C-EB7E-F94006110A02F153}" CmdLine="*dell\supportassist\koala.exe get s*" >
		<Signature Subject="pc-doctor*" />
	</Image>
	<Image Id="{495C236F-6577-4F65-6565D6B25166AEA9}" Path="C:\Program Files\Dell\SupportAssist*" >
		<Signature Subject="dell*" />
	</Image>
	<Image Id="{6AC7D25D-505F-EF29-67B0BCF57DF7F2FA}" CmdLine="*ngen.exe uninstall c:\*" >
		<Signature Subject="Microsoft*" />
	</Image>
	<Image Id="{E806A529-F383-CF9A-39AD50E8C2099D5C}" CmdLine="c:\windows\system32\backgroundtaskhost.exe -servername:app.appxmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca" >
		<Signature Subject="Microsoft*" />
	</Image>
	<Image Id="{DAEEFAEE-3E68-25D5-5AD4476FA9D73D98}" CmdLine="C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" >
		<Signature Subject="Microsoft*" />
	</Image>
	<Image Id="{E5645A2A-4E57-7DDF-2015462EDFA29ECF}" CmdLine="C:\Windows\System32\mousocoreworker.exe -Embedding" >
		<Signature Subject="Microsoft*" />
	</Image>
	<Image Id="{E9CA6144-AD43-B9CB-0B159B7C26277144}" CmdLine="C:\Windows\system32\PrintIsolationHost.exe -Embedding" >
		<Signature Subject="Microsoft*" />
	</Image>
<!-- Part 0032 2023-08-15T18:10:00.000Z-1692123030 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0033 2023-08-24T18:48:00.000Z-1692902892 -->
	<Image Id="{93D0069F-A93C-B132-12965D6D5AFDF30C}" CmdLine="*Imperva\RemoteAgent\get-capping-info.bat ECE_check_system NONE*" />
	<Image Id="{92583BE6-F7CD-9691-14D020C9EC2D3105}" CmdLine="winmgmt /verifyrepository" />
	<Image Id="{E8051CC6-A887-2DE2-C628226E968DFB5A}" CmdLine=" -NoProfile -NoLogo -NonInteractive -Sta -ExecutionPolicy Unrestricted -File C:\ProgramData\Nexthink\RemoteActions\Scripts\System\{*" />
	<Image Id="{CD22D259-91CA-90F2-E0C77FCF2D096150}" Path="*program files*imperva*" >
		<Signature Subject="imperva*" />
	</Image>
	<Image Id="{782125E5-907B-091E-A507EC9D1FB487BE}" Path="*program files*seclore*" >
		<Signature Subject="seclore*" />
	</Image>
	<Image Id="{5D3FEF71-A3D0-9030-F7C2BD6282B95210}" Path="*program files*bitvise*" >
		<Signature Subject="bitvise*" />
	</Image>
	<Image Id="{EC4A8982-EBBB-E99F-DE40A29FA09B1D9A}" CmdLine="cscript //NoLogo //T:55 *scripts\collector.vbs" />
	<Image Id="{B21761EB-0499-6A1D-94FAD42F34C9A05C}" CmdLine="C:\Windows\system32\cmd.exe /c handle.exe /accepteula -s -p * 2&#62; nul" />
	<Image Id="{85DBBC70-D33D-178B-37BCFDFC1CDC0AB5}" CmdLine="handle.exe  /accepteula -s -p * " />
	<Image Id="{01E040AD-EFF7-A1C6-D5BB987460C414F8}" Path="*appdata\local\ciscosparklauncher\ciscocollabhost.exe" >
		<Signature Subject="cisco*" />
	</Image>
<!-- Part 0033 2023-08-24T18:48:00.000Z-1692902892 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0034 2023-09-06T17:47:00.000Z-1694022444 -->
	<Image Id="{C7AD5B0E-DBE6-C12B-641DCA89F3DBDE4F}" CmdLine="\C:\Program Files\SearchInform\SearchInform RabbitMQ\Erlang\erl-??.?\erts-??.?\bin\epmd -daemon" >
		<VersionInfo ProductName="%kl_undef%" FileDescription="%kl_undef%" />
	</Image>
	<Image Id="{11EDCAE5-A28A-2A2D-80895D42AB7BCD03}" CmdLine="c:\Program Files\SearchInform\SearchInform RabbitMQ\Erlang\erl-??.?\erts-??.?\bin\erl.exe -boot no_dot_erlang -sname epmd-starter-*erlang halt" >
		<VersionInfo ProductName="Erlang/OTP" FileDescription="Erlang" />
	</Image>
<!-- Part 0034 2023-09-06T17:47:00.000Z-1694022444 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0035 2023-09-22T20:54:00.000Z-1695416065 -->
	<Image Id="{BE28A377-E334-857E-96BD67C583FAEBFD}" Path="*Program Files*ManageSoft*" >
		<Signature Subject="Flexera*" />
	</Image>
	<Image Id="{BD59339E-6D8A-6094-2CA43A2D6345CECC}" Path="*Tableau*" >
		<Signature Subject="Flexera*" />
	</Image>
	<Image Id="{F9BC2A3C-F803-050F-2B46B3B9F831F823}" Path="*Program Files*Flexera*" >
		<Signature Subject="Flexera*" />
	</Image>
	<Image Id="{12844741-36D9-E1A0-64B72AEA73E36C8A}" CmdLine="C:\Windows\system32\cmd.exe /c btool server list*--no-log" />
	<Image Id="{E4FC4F0A-88A0-92F5-98A1201A0126AEB3}" CmdLine="C:\Windows\system32\cmd.exe /c*SplunkUniversalForwarder\bin\splunk*" />
	<Image Id="{94998E57-9565-D514-2400F3E838FB2258}" CmdLine="C:\Windows\system32\cmd.exe /c*splunkuniversalforwarder\etc\system\bin*" />
	<Image Id="{268C106E-EE82-8F52-A0A1C1D07B56B293}" CmdLine="C:\Windows\system32\cmd.exe /c btool web list settings --no-log" />
	<Image Id="{A48886FD-F535-C618-6286F45A63C3DA95}" Path="C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" >
		<Signature Subject="microsoft*" />
	</Image>
	<Image Id="{7282F5E2-1402-4F04-CA14A763278AE910}" CmdLine="C:\Windows\system32\cmd.exe /c C:\Windows\TEMP\fstmp\fs_action_*.bat" />
	<Image Id="{443BC016-4822-AC5E-23D9AEF0502F4F5B}" CmdLine="C:\Windows\system32\cmd.exe /c C:\Windows\Temp\fstmp\fs_action_*.bat fsproc_exec" />
	<Image Id="{EEDBAD58-A3FD-1179-F7DA2963B41132DB}" CmdLine="C:\Windows\system32\cmd.exe /c dir /-C /W \\?\RabbitMQ\db\rabbit@*" />
	<Image Id="{BE0105C8-451A-B760-6148DDB24C1CF562}" Path="*datapatrol*" >
		<Signature Subject="datapatrol*" />
	</Image>
	<Image Id="{E500B6A0-1F79-B3B1-3A979366B6D6F688}" Path="*SplunkUniversalForwarder\bin\btool.exe" >
		<Signature Subject="Splunk*" />
	</Image>
	<Image Id="{5431507D-449A-C221-01F584EE37F64163}" CmdLine="C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe -Nologo -Noninteractive -NoProfile -ExecutionPolicy Bypass; Get-Delivery* | ConvertTo-Xml -as string -NoTypeInformation" />
	<Image Id="{5977507E-B9FC-93DC-AF07F38A498A3908}" Path="c:\windows\system32\fsprocsvc.exe" >
		<Signature Subject="forescout*" />
	</Image>
	<Image Id="{6FC2BC42-CDE5-5D62-6DF3C41BF371701C}" CmdLine="*/powershell.exe -NoLogo -NonInteractive -NoProfile -InputFormat Text -OutputFormat Text -Command Get-Process -Id *Select-Object -ExpandProperty HandleCount" />
	<Image Id="{EFC35623-1EEA-FC06-6F951333D76A4628}" CmdLine="c:\windows\system32\NetCfgNotifyObjectHost.exe {*} ????" />
	<Image Id="{BB8986E9-B532-FC19-E4D5BD27B5716808}" CmdLine="cmd.exe /x/d/c C:\Program Files (x86)\Guardium\Guardium Installation Manager/GIM*" />
	<Image Id="{BB8986E9-B532-FC19-E4D5BD27B5716808}" CmdLine="cmd.exe /x/d/c C:\Program Files (x86)\Guardium\Guardium Installation Manager/GIM*" />
	<Image Id="{7435E727-D5DF-764E-297CE95DD6FF5833}" CmdLine="cscript  //U //nologo C:\Windows\Temp\fstmp\fs_*" />
	<Image Id="{B9D466E2-F9EA-A7FC-2A0B5FB5E80FB75E}" CmdLine="eventcreate /T * /L * /SO * /ID *" />
	<Image Id="{D0455B0F-B6ED-FE3B-2CAD202B5E360AFF}" CmdLine="C:/Program Files/Websense/Websense Endpoint/EndPointClassifier.exe C:/Program Files/Websense/Websense Endpoint*\\.\pipe\EndPointConfigComm" />
<!-- Part 0035 2023-09-22T20:54:00.000Z-1695416065 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0036 2024-01-30T20:14:00.000Z-1706645699 -->
	<Image Id="{511CD9A6-84BB-4192-58504B67B908E0BB}" Path="*zabbix*metroman.exe" >
		<Signature Subject="* * *" />
	</Image>
	<Image Id="{09B74479-CECB-439D-C160E8770299C167}" CmdLine="/c  &#9;c:\programdata\zabbixscripts\metroman.exe *" />
	<Image Id="{77A4D8B1-3F92-BCBB-AB51AA7799F47470}" CmdLine="/c  &#9;&#9;c:\programdata\zabbixscripts\metroman.exe *" />
	<Image Id="{A2A409AC-948D-ACAB-D51E054B8F8B77FF}" CmdLine="/C  powershell.exe -exec bypass -nologo -noprofile -File C:\ProgramData\ZabbixScripts\Utilization\*" />
	<Image Id="{6F3F11B2-E383-9671-B597A8D9E6C7165B}" CmdLine="powershell.exe -exec bypass -nologo -noprofile -File C:\ProgramData\ZabbixScripts\Utilization\*" />
	<Image Id="{53D71F52-4D20-7DD2-26A43A363893FF1C}" CmdLine="/c  c:\programdata\zabbixscripts\metroman.exe *" />
	<Image Id="{B4B48C03-41AA-F1A8-2A11B6A88AE9C6D3}" CmdLine="/c  &#9;powershell.exe -exec bypass -nologo -noprofile -file c:\programdata\zabbixscripts\utilization\*" />
	<Image Id="{2EB5A140-45FF-56FA-29CA3D16874E3B55}" CmdLine="/c  &#9;&#9;powershell.exe -exec bypass -nologo -noprofile -file c:\programdata\zabbixscripts\utilization\*" />
	<Image Id="{686A24C0-0459-1059-3DD11B78493339A2}" CmdLine="/c  &#9;&#9;powershell.exe -exec bypass -nologo -noprofile -file c:\programdata\zabbixscripts\inventory\*" />
	<Image Id="{6DA56187-39F7-7CCC-A0D435647E938981}" CmdLine="/c  &#9;powershell.exe -exec bypass -nologo -noprofile -file c:\programdata\zabbixscripts\inventory\*" />
	<Image Id="{6DA56187-39F7-7CCC-A0D435647E938981}" CmdLine="/c  &#9;powershell.exe -exec bypass -nologo -noprofile -file c:\programdata\zabbixscripts\inventory\*" />
	<Image Id="{71C9C5D7-9DBD-076C-0510EDB803000551}" CmdLine="powershell.exe  -exec bypass -nologo -noprofile -file c:\programdata\zabbixscripts\inventory\*" />
	<Image Id="{FB1C4F7E-DFC3-B711-E50D92CC8C654543}" CmdLine="/c  &#9; &#9;powershell.exe -exec bypass -nologo -noprofile -file c:\programdata\zabbixscripts\inventory\*" />
	<Image Id="{649C8F30-105D-63EB-7B3DCA26C7C895A2}" CmdLine="/c  &#9;&#9;qprocess outlook.exe&#62;nul 2&#62;nul &#38;&#38; echo 1" />
	<Image Id="{C3B6853A-BB1C-3A56-FE9010BA809900ED}" CmdLine="/c  &#9;&#9;qprocess excel.exe&#62;nul 2&#62;nul &#38;&#38; echo 1" />
	<Image Id="{33DAC094-5143-D945-CDE5E296CB15270E}" Path="C:\Program Files\Zabbix*zabbix_agent*" >
		<Signature Subject="*Zabbix*" />
	</Image>
<!-- Part 0036 2024-01-30T20:14:00.000Z-1706645699 -->
<!-- ############################################################################################################### -->

<!-- ############################################################################################################### -->
<!-- Part 0037 2024-05-22T14:51:00.000Z-1716389482 -->
	<Image Id="{1F9AD82C-6D08-4F4F-ABE68721C165765C}" Path="c:\program files (x86)\elliptic labs\elliptic_service_daemon.exe" >
		<Signature Subject="*elliptic*" />
	</Image>
	<Image Id="{921BF17C-6B46-B9D9-1F5DED62DC1E5634}" CmdLine="*dir /-c /w &#34;\\*appdata\roaming\rabbitmq\db\rabbit@*" />
	<Image Id="{262DC600-5905-3EC2-0601DA44D00363CB}" CmdLine="*stats --all --no-trunc --no-stream --format &#34;{{ json .}}&#34;*" >
		<Signature Subject="docker inc" />
	</Image>
	<Image Id="{74940BE4-5378-2E2C-A94D8703AF5B0E52}" CmdLine="*stats --all --no-trunc --no-stream --format &#34;{{ json .}}&#34;*" >
		<Signature Subject="*microsoft*" />
	</Image>
	<Image Id="{9F32E1CF-F60C-809B-73C38441E458F1F1}" CmdLine="*windows-sandbox.*/cmdline" Path="*\bazelsandbox.exe" >
		<VersionInfo ProductName="bazelsandbox" FileDescription="bazelsandbox" />
	</Image>
<!-- Part 0037 2024-05-22T14:51:00.000Z-1716389482 -->
<!-- ############################################################################################################### -->

</Filters>