MD5,SHA1,SHA256 microsoft windows splunk btool.exe SnareCore nxlog Microsoft Monitoring Agent\Agent\MonitoringHost.exe ClearMyTracksByProcess lsass.exe winlogon.exe svchost.exe Windows\CurrentVersion\Run Windows\CurrentVersion\Image File Execution Options CurrentControlSet\Services Microsoft\Windows NT\CurrentVersion\Winlogon Microsoft\Windows\CurrentVersion\Policies\Explorer Microsoft\Windows\CurrentVersion\RunOnce System\CurrentControlSet\Services\Tcpip\parameters \W32Time\ \Toredo 80 443 8080 3389 cmd.exe PsExe winexe powershell cscript mstsc RTS2App RTS3App wmic