From 9866fdec4fa23cb3e7bdd00004e8c64cd1412889 Mon Sep 17 00:00:00 2001
From: Dakhama mehdi <49924401+dakhama-mehdi@users.noreply.github.com>
Date: Mon, 18 Nov 2024 11:50:01 +0100
Subject: [PATCH] Add files via upload
---
Private/FileHandlers.psm1 | 1186 ++++++++++++++++++++++++++++++++++++
Private/Hardensysvol.psd1 | 279 +++++++++
Public/HardenSysvol.psm1 | 821 +++++++++++++++++++++++++
Public/extensions.json | 394 ++++++++++++
Public/file_extensions.xml | 93 +++
5 files changed, 2773 insertions(+)
create mode 100644 Private/FileHandlers.psm1
create mode 100644 Private/Hardensysvol.psd1
create mode 100644 Public/HardenSysvol.psm1
create mode 100644 Public/extensions.json
create mode 100644 Public/file_extensions.xml
diff --git a/Private/FileHandlers.psm1 b/Private/FileHandlers.psm1
new file mode 100644
index 0000000..4fdee61
--- /dev/null
+++ b/Private/FileHandlers.psm1
@@ -0,0 +1,1186 @@
+# FileHandlers.psm1
+
+#region FonctionDetect
+
+function Get-OthersContent {
+ param (
+ [string]$filepath,
+ [string[]]$patterns
+ )
+ $results = @()
+ try {
+ $findmatch = Select-String -Path $filepath -Pattern $patterns -AllMatches
+ foreach ($match in $findmatch) {
+
+ $patternMatch = $match.pattern -replace '\\b',''
+ [string]$word= $match.line.Replace($patternMatch,'')
+
+ if (-not([string]::IsNullOrEmpty(($word -replace '^[\s=:"]+').Trim()))){
+
+ switch ($patternMatch) {
+ '(?:[0-9]{1,3}\.){3}[0-9]{1,3}' { $patternMatch = 'IPv4' }
+ '[a-fA-F0-9]{32}' { $patternMatch = 'MD5' }
+ '[a-fA-F0-9]{40}' { $patternMatch = 'SHA-1' }
+ '[a-fA-F0-9]{64}' { $patternMatch = 'SHA-256' }
+ default {
+ switch -Wildcard ($patternMatch) {
+ 'net *' { $patternMatch = 'Commande Net User' }
+ default { $patternMatch = $patternMatch }
+ }
+ }
+ }
+
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = $patternMatch
+ Reason = $match.Line
+ }
+ $results += $result
+ }
+ }
+ } catch {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'error'
+ Reason = $_.Exception.Message
+ }
+ $results = $result
+ }
+ return $results
+}
+
+function Get-DocxContent {
+ param (
+ [string]$filepath,
+ [string[]]$patterns
+ )
+ $results = @()
+ Import-Module PSWriteOffice
+ try {
+ $document = Get-OfficeWord -FilePath $filepath -ReadOnly
+ $n = 0
+ foreach ($pattern in $patterns) {
+ $pattern = $pattern -replace '\\b', ''
+ [string]$findtext = $document.Find($pattern) | Select-Object text -First 2
+ if ($findtext) {
+ if ($n -le '1') {
+ foreach ($text in $findtext) {
+ $n++
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = $pattern
+ Reason = $text
+ }
+ $results += $result
+ }
+ } elseif ($n -gt '1') {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = $pattern
+ Reason = "at least " + $n + " characters found"
+ }
+ $results += $result
+ break }
+ }
+ }
+ Close-OfficeWord -Document $document
+ }
+ catch { $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'error'
+ Reason = $_
+ }
+ $results = $result
+ }
+ $results
+ }
+
+function Get-XlsxContent {
+ param (
+ [string]$filepath,
+ [string[]]$patterns
+ )
+ $results = @()
+ Import-Module PSWriteOffice
+ try {
+ $excel = Get-OfficeExcel -FilePath $filepath
+ $n = 0
+ foreach ($pattern in $patterns) {
+ $pattern = $pattern -replace '\\b', ''
+ [string]$findtext = $excel.Search($pattern, [System.Globalization.CompareOptions]::IgnoreCase, $false) | Select-Object value -First 2
+ if ($findtext) {
+ if ($n -le '2') {
+ foreach ($text in $findtext) {
+ $n++
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = $pattern
+ Reason = $text
+ }
+ $results += $result
+ }
+ } else {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = $pattern
+ Reason = "at least " + $n + " characters found"
+ }
+ $results += $result
+ break }
+ }
+ }
+ $excel.Dispose()
+ }
+ catch {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'error'
+ Reason = $_
+ }
+ $results = $result
+ }
+ $results
+}
+
+function Get-DocContent {
+ param (
+ [string]$filepath,
+ [string[]]$patterns,
+ [string]$wordinstalled
+ )
+ $results = @()
+ if ($wordinstalled -eq $false) {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'requires_check'
+ Reason = 'Word is not installed'
+ }
+ $results += $result
+ } else {
+ $wordApp = New-Object -ComObject Word.Application
+ $wordApp.Visible = $false
+ try {
+ $document = $wordApp.Documents.Open($filepath, [ref]$null, [ref]$true)
+ $n = 0
+ foreach ($pattern in $patterns) {
+ $pattern = $pattern -replace '\\b', ''
+ $find = $document.Content.Find | Select-Object -First 1
+ $find.Text = $pattern
+ $find.Forward = $true
+ $find.Wrap = 1 # wdFindContinue
+ $find.Execute() | Out-Null
+ if ($find.Found) {
+ if ($n -le '2') {
+ $n++
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = $pattern
+ Reason = "at least " + $n + " characters found"
+ }
+ $results = $result
+ } else { break }
+ }
+ }
+ $document.Close([ref]$false)
+ [System.Runtime.Interopservices.Marshal]::ReleaseComObject($document) | Out-Null
+ } catch {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'error'
+ Reason = $_.Exception.Message
+ }
+ $results = $result
+ } finally {
+ $wordApp.Quit()
+ [System.Runtime.Interopservices.Marshal]::ReleaseComObject($wordApp) | Out-Null
+ [System.GC]::Collect()
+ [System.GC]::WaitForPendingFinalizers()
+ }
+ }
+ $results
+}
+
+function Get-XlsContent {
+ param (
+ [string]$filePath,
+ [string[]]$patterns,
+ [string]$excelInstalled
+ )
+ $results = @()
+
+ if ($excelInstalled -eq $false) {
+ $result = [PSCustomObject]@{
+ FilePath = $filePath
+ pattern = 'requires_check'
+ Reason = 'Excel is not installed'
+ }
+ $results += $result
+ } else {
+ $excelApp = New-Object -ComObject Excel.Application
+ $excelApp.Visible = $false
+ try {
+ $workbook = $excelApp.Workbooks.Open($filePath, [ref]$null, [ref]$true)
+ $n = 0
+ foreach ($pattern in $patterns) {
+ $pattern = $pattern -replace '\\b', ''
+ foreach ($sheet in $workbook.Sheets) {
+ $cells = $sheet.Cells.Find($pattern)
+ if ($null -ne $cells) {
+ if ($n -le '2') {
+ $n++
+ $result = [PSCustomObject]@{
+ FilePath = $filePath
+ pattern = $pattern
+ Reason = "at least " + $n + " characters found"
+ }
+ $results = $result
+ } else { break }
+ }
+ }
+ }
+ $workbook.Close([ref]$false)
+ [System.Runtime.Interopservices.Marshal]::ReleaseComObject($workbook) | Out-Null
+ } catch {
+ $result = [PSCustomObject]@{
+ FilePath = $filePath
+ pattern = 'error'
+ Reason = $_.Exception.Message
+ }
+ $results = $result
+ } finally {
+ $excelApp.Quit()
+ [System.Runtime.Interopservices.Marshal]::ReleaseComObject($excelApp) | Out-Null
+ [System.GC]::Collect()
+ [System.GC]::WaitForPendingFinalizers()
+ }
+ }
+ $results
+}
+
+function Get-PPTContent {
+ param (
+ [string]$filepath,
+ [string[]]$patterns,
+ [string]$wordinstalled
+ )
+ $results = @()
+ if ($wordinstalled -eq $false) {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'requires_check'
+ Reason = 'Office is not installed'
+ }
+ $results += $result
+ }
+ else {
+ try {
+ $MSPPT = New-Object -ComObject powerpoint.application
+ $PRES = $MSPPT.Presentations.Open($filepath, $true, $true, $false)
+
+ $n = 0
+
+ foreach($Slide in $PRES.Slides) {
+ foreach ($Shape in $Slide.Shapes) {
+
+ if ($Shape.HasTextFrame -eq "-1") {
+ $text = $Shape.TextFrame.TextRange.Text
+
+ foreach ($pattern in $patterns) {
+
+ $pattern = $pattern -replace '\\b', ''
+
+ if ($text -match $pattern) {
+
+ if ($n -le '2') {
+
+ $n++
+
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = $pattern
+ Reason = "at least " + $n + " characters found"
+ }
+ $results = $result
+ } else { break }
+ }
+
+ }
+ }
+ }
+ }
+
+ $MSPPT.PresentationClose
+ [System.Runtime.Interopservices.Marshal]::ReleaseComObject($MSPPT) | Out-Null
+ } catch {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'error'
+ Reason = $_.Exception.Message
+ }
+ $results = $result
+ } finally {
+ $MSPPT.Quit()
+ [System.Runtime.Interopservices.Marshal]::ReleaseComObject($MSPPT) | Out-Null
+ [System.GC]::Collect()
+ [System.GC]::WaitForPendingFinalizers()
+ }
+ }
+ $results
+}
+
+function Get-OdsContent {
+ param (
+ [string]$filePath,
+ [string[]]$patterns
+ )
+ $results = @()
+
+
+ # Open ODS file
+ Add-Type -AssemblyName System.IO.Compression.FileSystem
+ $zip = [System.IO.Compression.ZipFile]::OpenRead($filePath)
+
+ # Extract contenant
+ $contentXmlEntry = $zip.Entries | Where-Object { $_.FullName -eq "content.xml" }
+ $reader = [System.IO.StreamReader]::new($contentXmlEntry.Open())
+ $contentXml = $reader.ReadToEnd()
+ $reader.Close()
+ $zip.Dispose()
+
+ # Analys file XML
+ [xml]$xmlContent = $contentXml
+
+ # Read text XML
+ $textContent = $xmlContent.'document-content'.InnerText
+
+ $n = 0
+ foreach ($pattern in $patterns) {
+ $pattern = $pattern -replace '\\b', ''
+ if ($textContent -match $pattern) {
+ if ($n -le '2') {
+ $n++
+ $result = [PSCustomObject]@{
+ FilePath = $filePath
+ Pattern = $pattern
+ Reason = "at least " + $n + " characters found"
+ }
+ $results = $result
+ }
+ }
+ }
+ $results
+}
+
+function Get-Pdfcontent {
+ param (
+ [string]$filepath,
+ [string[]]$patterns
+ )
+
+ $results = @()
+ Import-Module PSWritePDF
+ try {
+ $text = (Convert-PDFToText -FilePath $filepath) -join "`n"
+ $n = 0
+ foreach ($pattern in $passwordPatterns) {
+ if ($text -match $pattern) {
+ if ($n -le '2') {
+ $n++
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = $pattern
+ Reason = "at least " + $n + " characters found"
+ }
+ $results = $result
+ } else { break }
+ }
+ }
+ }
+ catch {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'error'
+ Reason = $_.Exception.Message
+ }
+ $results = $result
+ }
+ $results
+}
+
+function Get-Xmlcontent {
+ param (
+ [string]$filepath,
+ [string[]]$patterns
+ )
+ $results = @()
+ $xmlContent = Get-Content -Path $filepath -Raw
+ if ($xmlContent -match 'cpassword') {
+ $xml = [xml]$xmlContent
+ # Check for cpassword
+ $cpasswords = @()
+ if ($xml.Groups.User) {
+ $cpasswords = $xml | Select-Xml "/Groups/User/Properties/@cpassword" | Select-Object -Expand Node | ForEach-Object {$_.Value}
+ } elseif ($xml.NTServices.NTService) {
+ $cpasswords = $xml | Select-Xml "/NTServices/NTService/Properties/@cpassword" | Select-Object -Expand Node | ForEach-Object {$_.Value}
+ } elseif ($xml.ScheduledTasks.Task) {
+ $cpasswords = $xml | Select-Xml "/ScheduledTasks/Task/Properties/@cpassword" | Select-Object -Expand Node | ForEach-Object {$_.Value}
+ } elseif ($xml.DataSources.DataSource) {
+ $cpasswords = $xml | Select-Xml "/DataSources/DataSource/Properties/@cpassword" | Select-Object -Expand Node | ForEach-Object {$_.Value}
+ } elseif ($xml.Printers.SharedPrinter) {
+ $cpasswords = $xml | Select-Xml "/Printers/SharedPrinter/Properties/@cpassword" | Select-Object -Expand Node | ForEach-Object {$_.Value}
+ } elseif ($xml.Drives.Drive) {
+ $cpasswords = $xml | Select-Xml "/Drives/Drive/Properties/@cpassword" | Select-Object -Expand Node | ForEach-Object {$_.Value}
+ }
+ if ($cpasswords) {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ Pattern = 'cpassword'
+ Reason = $cpasswords
+ }
+ $results += $result
+ }
+ }
+ elseif ($xmlContent -match 'DefaultUserName') {
+
+ $xml = [xml]$xmlContent
+ # Check for AutoLogon
+ $userName = ""
+ $password = ""
+ foreach ($registry in $xml.RegistrySettings.Registry) {
+ if ($registry.Properties.name -eq "DefaultUserName") {
+ $userName = $registry.Properties.value
+ }
+ if ($registry.Properties.name -eq "DefaultPassword") {
+ $password = $registry.Properties.value
+ }
+ }
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ Pattern = 'AutoLogon'
+ Reason = "$userName : $password"
+ }
+ $results += $result
+ }
+ else {
+ $xml = [xml]$xmlContent
+ foreach ($pattern in $patterns) {
+ $findmatches = $xmlContent | Select-String -Pattern $pattern
+ foreach ($match in $findmatches) {
+
+ switch ($pattern) {
+ '\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b' { $pattern = 'IPv4' }
+ '\b[a-fA-F0-9]{32}\b' { $pattern = 'MD5' }
+ '\b[a-fA-F0-9]{40}\b' { $pattern = 'SHA-1' }
+ '\b[a-fA-F0-9]{64}\b' { $pattern = 'SHA-256' }
+ default {
+ switch -Wildcard ($pattern) {
+ 'net *' { $pattern = 'Commande Net User' }
+ default { $pattern = $pattern }
+ }
+ }
+ }
+
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ Pattern = $pattern
+ Reason = $match.Matches.Value
+ }
+ $results += $result
+ }
+ }
+ }
+ $results
+}
+
+function Get-Executablescontent {
+
+ param (
+ [string]$filepath
+ )
+
+ $results = @()
+ if ($filepath -notlike '*.jar') {
+ $signature = Get-AuthenticodeSignature -FilePath $filepath
+ if ($signature.Status -ne 'Valid') {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = "NotSigned"
+ Reason = 'File is Not Signed'
+ }
+ $results = $result
+ }
+ } else {
+ $isSigned = $false
+ try {
+ $zip = [System.IO.Compression.ZipFile]::OpenRead($filepath)
+ foreach ($entry in $zip.Entries) {
+ if ($entry.FullName -like "META-INF/*.SF") {
+ $isSigned = $true
+ break
+ }
+ }
+ $zip.Dispose()
+ } catch {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'error'
+ Reason = $_.Exception.Message
+ }
+ $results = $result
+ }
+
+ if (!$isSigned) {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = "NotSigned"
+ Reason = "Jar file not signed"
+ }
+ $results = $result
+ }
+ }
+ $results
+}
+
+function Get-Zipprotectedbypass {
+ param (
+ [string]$filepath,
+ [string]$zipinstalled
+ )
+ $extension = [System.IO.Path]::GetExtension($filePath).TrimStart('.')
+ if ($extension -eq "zip" ) {
+ try {
+ $zip = [System.IO.Compression.ZipFile]::OpenRead($filepath)
+
+ foreach ($entry in $zip.Entries) {
+ $stream = $entry.Open()
+ [byte[]]$buffer = New-Object byte[] 10
+ $stream.Read($buffer, 0, $buffer.Length) | Out-Null
+ $stream.Close()
+ break
+ }
+
+ $zip.Dispose()
+ return $null
+ }
+ catch {
+ if ($_.Exception.Message -match "(Read|Block|Password|Encrypted)") {
+
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Zip protected'
+ Reason = 'File protected by password'
+ }
+
+ return $result
+ } else {
+ Write-Host "Erreur inattendue : $_"
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Zip check error'
+ Reason = 'Error to read zip : $_'
+ }
+ return $result
+ }
+ }
+ } elseif ($zipinstalled) {
+
+ $sevenZipPath = $zipinstalled + "7z.exe"
+ $output = & "$sevenZipPath" t "$filepath" -pBadPasswordConf 2>&1
+ if ($output -match "Wrong password") {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Zip protected'
+ Reason = 'File protected by password'
+ }
+ return $result
+ }
+ }
+
+}
+
+function Get-Requiredcheckcontent {
+
+ param (
+ [string]$filepath
+ )
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'check required'
+ Reason = 'Binary does not match'
+ }
+
+ return $result
+ }
+
+function Get-CertifsContent {
+ param (
+ [string]$filePath
+ )
+
+ $results = @()
+ try {
+ # Try to load certificat with class .NET X509Certificate2
+ $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
+ $cert.Import($filePath)
+ if (!$cert.Thumbprint) { $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Certificate Empty'
+ Reason = 'Certificate without Thumbprint'
+ }
+ $results = $result }
+ if ($cert.PrivateKey) { $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Certificate private key'
+ Reason = 'certificate with exportable private key'
+ }
+ $results += $result }
+ $cert.Dispose()
+ }
+ catch {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Protected Certificate'
+ Reason = ($_.Exception.Message).split(":").split("`n")[1].Trim()
+ }
+ $results = $result
+ }
+ return $results
+}
+
+function Get-P7bCertContent {
+ param (
+ [string]$filePath
+ )
+ $results = @()
+ try {
+ # Create certificate collection contenant P7B ou P7C
+ $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
+ $certCollection.Import($filePath)
+
+ # browse all certificate present in P7B/P7C
+ foreach ($cert in $certCollection) {
+ if (!$cert.Thumbprint) {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Certificate Empty'
+ Reason = 'Certificate without Thumbprint'
+ }
+ $results += $result
+ }
+ if ($cert.PrivateKey) {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Certificate private key'
+ Reason = 'certificate with exportable private key'
+ }
+ $results += $result
+ }
+ $cert.Dispose()
+ }
+ }
+ catch {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Protected Certificate'
+ Reason = $_.Exception.Message
+ }
+ $results = $result
+ }
+ return $results
+}
+
+function Get-HiddenFilesInImage {
+ param (
+ [string]$filePath
+ )
+
+ $fileInfo = Get-Item $filePath
+ $fileSizeMB = [math]::Round($fileInfo.Length / 1MB, 2)
+
+ # Skip file more than 4 Mo
+ if ($fileSizeMB -gt 4) {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Large size'
+ Reason = "File ignored: (size: $fileSizeMB MB)"
+ }
+ return $result
+ }
+
+ try {
+ # read binary and convert file to Hexa
+ $fileBytes = [System.IO.File]::ReadAllBytes($filePath)
+ $fileHex = [BitConverter]::ToString($fileBytes) -replace '-'
+
+ $magicNumbers = [ordered]@{
+ "MSI" = "D0CF11E0A1B11AE1" # MSI or office
+ "RAR" = "526172211A0700"; # RAR file
+ "ZIP" = "504B0304"; # ZIP file
+ "7z" = "377ABCAF271C"; # 7z file
+ "EXE" = "4D5A"; # EXE file (MZ header)
+ }
+
+ foreach ($key in $magicNumbers.Keys) {
+ $magicNumber = $magicNumbers[$key]
+ $currentIndex = 0
+
+ if ($fileHex -match $magicNumber) {
+
+ if ($key -eq "EXE") {
+ while ($fileHex.IndexOf($magicNumber, $currentIndex) -ne -1) {
+ $startIndex = $fileHex.IndexOf($magicNumber, $currentIndex)
+ # Extract the part after the Magic Number (limited to 400 bytes after)
+ $remainingHex = $fileHex.Substring($startIndex + $magicNumber.Length, [Math]::Min(200 * 2, $fileHex.Length - ($startIndex + $magicNumber.Length)))
+
+ # Check for the presence of the special string "0000004000" in this range
+ if ($remainingHex -match "0000004000") {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Suspicious Image'
+ Reason = "EXE file with '0000004000' string detected"
+ }
+ return $result
+ }
+
+ # Continue the search from the next index
+ $currentIndex = $startIndex + $magicNumber.Length
+ }
+ }
+ elseif ($key -eq "ZIP") {
+
+ # Find the index where the ZIP file starts
+ $startIndex = $fileHex.IndexOf($magicNumber, $currentIndex) / 2 # Divide by 2 because each hexadecimal represents 2 characters
+
+ # Extract the ZIP bytes starting from this index
+ $zipBytes = $fileBytes[$startIndex..($fileBytes.Length - 1)]
+
+ $tempDir = [System.IO.Path]::GetTempPath()
+ $fileNameWithoutExtension = [System.IO.Path]::GetFileNameWithoutExtension($filePath)
+ $tempZipPath = [System.IO.Path]::Combine($tempDir, "$fileNameWithoutExtension.zip")
+ [System.IO.File]::WriteAllBytes($tempZipPath, $zipBytes)
+
+ # Read the ZIP file and list the files
+ Add-Type -AssemblyName System.IO.Compression.FileSystem
+ $zip = [System.IO.Compression.ZipFile]::OpenRead($tempZipPath)
+
+ # List the files inside the ZIP
+ $fileNames = $zip.Entries | Select-Object -ExpandProperty FullName
+ $fileNames | ForEach-Object { Write-Host "File in ZIP: $_" }
+
+ $zip.Dispose()
+
+ # Delete the temporary file
+ Remove-Item $tempZipPath
+
+ # Return the result
+ $result = [PSCustomObject]@{
+ FilePath = $filePath
+ Pattern = 'Suspicious Image'
+ Reason = "ZIP detected in pictures. Containing: $($fileNames -join ', ')"
+ }
+ return $result
+}
+ else {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Suspicious Image'
+ Reason = "File $key detected in the image"
+ }
+ return $result
+ }
+ }
+ }
+ }
+ catch {
+ $result = [PSCustomObject]@{
+ FilePath = $filepath
+ pattern = 'Error'
+ Reason = "Details : $_"
+ }
+ return $result
+ }
+}
+
+#endregion FonctionDetect
+
+# Add other functions for different file types...
+
+function Get-CompressedFileType {
+ param (
+ [string]$filePath,
+ [object[]]$detectedType
+ )
+
+
+ # More check fot DOCX, XLSX, ODT, ODS ou JAR PPTX zip
+ if ($detectedType -contains "docx" -or $detectedType -contains "jar") {
+ try {
+ Add-Type -AssemblyName System.IO.Compression.FileSystem
+ $zip = [System.IO.Compression.ZipFile]::OpenRead($filePath)
+
+ $fileNames = $zip.Entries | Select-Object -ExpandProperty FullName
+
+ if ($fileNames -contains "word/document.xml") {
+ $detectedType = "docx"
+ }
+ elseif ($fileNames -contains "xl/workbook.xml") {
+ $detectedType = "xlsx"
+ }
+ elseif ($fileNames -contains "ppt/presentation.xml") {
+ $detectedType = "pptx"
+ }
+ elseif ($fileNames -contains "visio/document.xml") {
+ $detectedType = "vsdx"
+ }
+ elseif ($fileNames -contains "content.xml") {
+ $mimetypeEntry = $zip.Entries | Where-Object { $_.FullName -eq "mimetype" }
+ if ($mimetypeEntry -ne $null) {
+ $reader = [System.IO.StreamReader]::new($mimetypeEntry.Open())
+ $mimetype = $reader.ReadToEnd()
+ $reader.Close()
+
+ switch ($mimetype) {
+ "application/vnd.oasis.opendocument.spreadsheet" {
+ $detectedType = "ods"
+ }
+ "application/vnd.oasis.opendocument.text" {
+ $detectedType = "odt"
+ }
+ "application/vnd.oasis.opendocument.presentation" {
+ $detectedType = "odp"
+ }
+ "application/vnd.oasis.opendocument.text-template" {
+ $detectedType = "ott"
+ }
+ }
+ }
+ }
+ elseif ($fileNames -contains "META-INF/MANIFEST.MF") {
+ $detectedType = "jar"
+ }
+ else { $detectedType = "others" }
+ $zip.Dispose()
+ }
+ catch {
+ $detectedType = "requires_check"
+ }
+ }
+ elseif ($detectedType -contains "doc") {
+
+ $a = [System.IO.File]::ReadAllBytes($filePath)
+ $content = [System.Text.Encoding]::ASCII.GetString($a)
+
+ if ($content.Contains("Word.Document")) {
+ $detectedType = "doc"
+ } elseif ($content.Contains("MSI") -or $content.Contains("Installer")) {
+ $detectedType = "msi"
+ } elseif ($content.Contains("Excel") ) {
+ $detectedType = "xls"
+ } elseif ($content.Contains("PowerPoint")) {
+ $detectedType = "ppt"
+ } elseif ($content.Contains("Microsoft Visio")) {
+ $detectedType = "vsd"
+ } else {
+ #check for db files
+ $offsetBytes = [System.IO.File]::ReadAllBytes($filePath)[1024..1050]
+ $offsetAscii = [System.Text.Encoding]::ASCII.GetString($offsetBytes).Trim()
+ $filteredAscii = ($offsetAscii -split '').Where{ $_ -match '[A-Za-z ]' } -join ''
+
+ if ($filteredAscii -replace '\s+', ' ' -eq "Root Entry") {
+ $detectedType = "db"
+ }
+ else {
+ $detectedType = "others"
+ }
+ }
+ }
+ return $detectedType
+}
+function Get-FileType {
+ param (
+ [string]$filePath,
+ [object]$jsonContent
+ )
+
+ $detectedType = "others"
+ $extension = [System.IO.Path]::GetExtension($filePath).TrimStart('.')
+ $fileHeaderHex = [System.IO.File]::ReadAllBytes($filePath)[0..16] | ForEach-Object { "{0:X2}" -f $_ }
+ $fileHeaderHex = ($fileHeaderHex -join '').Trim()
+
+ if ($fileHeaderHex.Length -eq 0) {
+ return "empty"
+ }
+ $matchFound = $false
+ foreach ($entry in $jsonContent.magic_numbers) {
+ if ($matchFound) { break }
+
+ foreach ($expectedMagic in $entry.magic) {
+ if ($matchFound) { break }
+
+ if ($expectedMagic.Length -le $fileHeaderHex.Length) {
+ $difference = Compare-Object -ReferenceObject $expectedMagic -DifferenceObject ($fileHeaderHex.Substring(0, $expectedMagic.Length)) -SyncWindow 0
+
+ if ($difference.Count -eq 0) {
+ if ($entry.offset) {
+ foreach ($offsetItem in $entry.offset) {
+ $offsetPosition = $expectedOffsetValue = $null
+ $offsetPosition = $offsetItem[0]
+ $expectedOffsetValue = $offsetItem[1]
+ $lastpostition = $offsetPosition + ($expectedOffsetValue.Length/2)-1
+
+ $CustomfileHeaderHex = [System.IO.File]::ReadAllBytes($filePath)[$offsetPosition..$lastpostition] | ForEach-Object { "{0:X2}" -f $_ }
+ $specificBytes = ($CustomfileHeaderHex -join '').Trim()
+
+ if ($specificBytes -eq $expectedOffsetValue) {
+ if ($extension -notin $entry.extensions) {
+ $detectedType = 'requires_check'
+ } else {
+ $detectedType = $extension
+ }
+ $matchFound = $true
+ break
+ }
+ }
+ }
+ else {
+ if ($extension -notin $entry.extensions) {
+ $detectedType = 'requires_check'
+ }
+ else {
+ if ($entry.extensions -contains "docx" -or $entry.extensions -contains "doc") {
+ $detectedType = Get-CompressedFileType -filePath $filePath -detectedType $entry.extensions
+ }
+ if ($detectedType -eq "others" -and $extension -in $entry.extensions) {
+ $detectedType = $extension
+ } elseif ($detectedType -ne $extension -and $detectedType -ne "others") {
+ $detectedType = 'requires_check'
+ }
+ }
+ $matchFound = $true
+ break
+ }
+ }
+ }
+ }
+ }
+
+ if ($detectedType -eq 'others' -and $extension -in $jsonContent.magic_numbers.extensions) {
+ $detectedType = 'requires_check'
+ }
+
+ if ($detectedType -eq "others") {
+ $firstLine = Get-Content -Path $filePath -TotalCount 1
+ if ($firstLine -match '^<\?xml') {
+ $detectedType = "xml"
+ }
+ }
+
+ return $detectedType
+}
+# SIG # Begin signature block
+# MIImVgYJKoZIhvcNAQcCoIImRzCCJkMCAQExDzANBglghkgBZQMEAgEFADB5Bgor
+# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
+# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC8KZNcKCzMj87C
+# Xm3TUdHfsYDelwrkLm78Scnqq3gb1qCCH+wwggWNMIIEdaADAgECAhAOmxiO+dAt
+# 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
+# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV
+# BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa
+# Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
+# dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD
+# ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+# ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E
+# MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy
+# unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF
+# xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1
+# 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB
+# MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR
+# WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6
+# nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB
+# YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S
+# UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x
+# q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB
+# NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP
+# TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC
+# AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+# Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv
+# bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0
+# aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB
+# LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc
+# Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov
+# Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy
+# oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW
+# juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF
+# mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z
+# twGpn1eqXijiuZQwggYoMIIEEKADAgECAhBrxlWg9go45bxtH9Zi+WCgMA0GCSqG
+# SIb3DQEBCwUAMFYxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28gRGF0YSBT
+# eXN0ZW1zIFMuQS4xJDAiBgNVBAMTG0NlcnR1bSBDb2RlIFNpZ25pbmcgMjAyMSBD
+# QTAeFw0yNDExMDYwOTQ0MjlaFw0yNTExMDYwOTQ0MjhaME4xCzAJBgNVBAYTAkZS
+# MQ8wDQYDVQQHDAZUb3Vsb24xFjAUBgNVBAoMDU1laGRpIERha2hhbWExFjAUBgNV
+# BAMMDU1laGRpIERha2hhbWEwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB
+# gQCsFc3e5PwEJuycVRR54Qp8hFEckVwj7u1hMc7fejXKC/oR+uixlujLAHA9NcGX
+# jcQIXNP3GmezLF3Tj6Jvcs/kNT/a5zqjI5HEfIap7EHwf03f5060+Rc21v1UDjzj
+# DZzi9xFFum8eeGLc4pTzUB3wP3+M+mY7d5QlTjIxZSNnMBisJE8ASqG9JtRcQmIz
+# HACI70xRCQVV8ZjJ8J+Shr6wkNdDy/IjR+Y9VkMRIJozWR+pqbKuQOIDBSxQYVHg
+# bT+gsLOfvHkBPJN0ZQe7eJdG7J78Z1nzNH9yXhZ0HHdPB80tUwM0HC1n4LO3kki/
+# IBmg4Qq/UyMMQd826fJk3ylbAlf8w7N80INQcLLBGVECmWI21d9f3l5usvWDa+mJ
+# ma57c6GUDY05Jg5owLgNREZsyRt5rOlg68NLmz9tuEkJA1D4ntpKq0KZc3HJv04x
+# XTcfTEqbKYr7vZ//ENsell5UdUQxL6rGJzazhsK02ZcmasICiHNLfG/tBaolCbeM
+# 8ekCAwEAAaOCAXgwggF0MAwGA1UdEwEB/wQCMAAwPQYDVR0fBDYwNDAyoDCgLoYs
+# aHR0cDovL2Njc2NhMjAyMS5jcmwuY2VydHVtLnBsL2Njc2NhMjAyMS5jcmwwcwYI
+# KwYBBQUHAQEEZzBlMCwGCCsGAQUFBzABhiBodHRwOi8vY2NzY2EyMDIxLm9jc3At
+# Y2VydHVtLmNvbTA1BggrBgEFBQcwAoYpaHR0cDovL3JlcG9zaXRvcnkuY2VydHVt
+# LnBsL2Njc2NhMjAyMS5jZXIwHwYDVR0jBBgwFoAU3XRdTADbe5+gdMqxbvc8wDLA
+# cM0wHQYDVR0OBBYEFAG3sIcT8bRm7QyFu8699Gpkr5NmMEsGA1UdIAREMEIwCAYG
+# Z4EMAQQBMDYGCyqEaAGG9ncCBQEEMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vd3d3
+# LmNlcnR1bS5wbC9DUFMwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDgYDVR0PAQH/BAQD
+# AgeAMA0GCSqGSIb3DQEBCwUAA4ICAQCJ58BnchFNGzLksJ9oHFEWTs643G+PKOHr
+# 9RmrKSB/4MtPriG5iez+MFsGqYwkYd5QzqOIYg24ctfbWXJWG8Xj+YMfp1r+hkYq
+# O0Abpv26sZ1ZjNGgGUbb3z7KqhY+IdVpZf2aG/Rycl5dE2LbhWqp9h24WfQCIS/e
+# XxH7HmM9SEBHYbfOqlEA+RF/gRGYCQOg0ui2j0ZzIOrQGj3Njn/5rzP9OmPmLt4h
+# DsixjFWgu598XmRKj5KW1MShFIjUuUzSmOWDgKA16lJi6LggdFAB/MImiDH48v8N
+# /9R9En24pUGGj2XOgBX5SZ4kj+VN1YaY1vYPFp3wLu85zpgRZgZQC+WurX8s1tRn
+# iCIj/+ajUB4G4TcbTz6k16X1Yz9ba1y7p/hJB92uDW7esMGgqzEv+Osd11bVoNmv
+# CE8Twsz0cuFJqBtVZIycCkgw/AVyJIsNS6RADi94PvbOf8rty8HV3bHmm6O4wJVc
+# 5ch50bL7JVyYTPN5OTzXSDx62wKi5ePZvEF7RX3cQlTQMYticde91khs2n2FZ06K
+# Uin5DtQgxy0Q1ufFIDZthsk5AaSWiZzFgAgJt8JaQGPyGAYl2Sr8a/gMLpcBsPwI
+# zdlDUOJwyHPxlR9ZiraUzF/1SSN7CgjqFSDAAZ+i4i8gZsPpU38GtBSLrw/CrnUB
+# /KGcFNMvszCCBq4wggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlswDQYJKoZIhvcN
+# AQELBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG
+# A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3Rl
+# ZCBSb290IEc0MB4XDTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1OVowYzELMAkG
+# A1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdp
+# Q2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTCC
+# AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9cklRVcclA8Ty
+# kTepl1Gh1tKD0Z5Mom2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+dH54PMx9QEwsm
+# c5Zt+FeoAn39Q7SE2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+QtxnjupRPfDWVtTn
+# KC3r07G1decfBmWNlCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9drMvohGS0UvJ2
+# R/dhgxndX7RUCyFobjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02DVzV5huowWR0
+# QKfAcsW6Th+xtVhNef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aPTnYVVSZwmCZ/
+# oBpHIEPjQ2OAe3VuJyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De4z6ic/rnH1ps
+# lPJSlRErWHRAKKtzQ87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPgv/CiPMpC3BhI
+# fxQ0z9JMq++bPf4OuGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIsVzV5K6jzRWC8
+# I41Y99xh3pP+OcD5sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7W4oiqMEmCPkU
+# EBIDfV8ju2TjY+Cm4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTuzuldyF4wEr1G
+# nrXTdrnSDmuZDNIztM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8ECDAGAQH/AgEA
+# MB0GA1UdDgQWBBS6FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSMEGDAWgBTs1+OC
+# 0nFdZEzfLmc/57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYB
+# BQUHAwgwdwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k
+# aWdpY2VydC5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0
+# LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDowOKA2oDSG
+# Mmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQu
+# Y3JsMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATANBgkqhkiG9w0B
+# AQsFAAOCAgEAfVmOwJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/GPvHUF3iSyn7
+# cIoNqilp/GnBzx0H6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBMYh0MCIKoFr2p
+# Vs8Vc40BIiXOlWk/R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4snuCKrOX9jLxk
+# Jodskr2dfNBwCnzvqLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKjI/rAJ4JErpkn
+# G6skHibBt94q6/aesXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HBanHZxhOACcS2
+# n82HhyS7T6NJuXdmkfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVjmScsPT9rp/Fm
+# w0HNT7ZAmyEhQNC3EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87eK1MrfvElXvt
+# Cl8zOYdBeHo46Zzh3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttvFXseGYs2uJPU
+# 5vIXmVnKcPA3v5gA3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc61RWYMbRiCQ8K
+# vYHZE/6/pNHzV9m8BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2QqYphwlHK+Z/
+# GqSFD/yYlvZVVCsfgPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3WfPwwgga5MIIE
+# oaADAgECAhEAmaOACiZVO2Wr3G6EprPqOTANBgkqhkiG9w0BAQwFADCBgDELMAkG
+# A1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAl
+# BgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMb
+# Q2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMB4XDTIxMDUxOTA1MzIxOFoXDTM2
+# MDUxODA1MzIxOFowVjELMAkGA1UEBhMCUEwxITAfBgNVBAoTGEFzc2VjbyBEYXRh
+# IFN5c3RlbXMgUy5BLjEkMCIGA1UEAxMbQ2VydHVtIENvZGUgU2lnbmluZyAyMDIx
+# IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnSPPBDAjO8FGLOcz
+# cz5jXXp1ur5cTbq96y34vuTmflN4mSAfgLKTvggv24/rWiVGzGxT9YEASVMw1Aj8
+# ewTS4IndU8s7VS5+djSoMcbvIKck6+hI1shsylP4JyLvmxwLHtSworV9wmjhNd62
+# 7h27a8RdrT1PH9ud0IF+njvMk2xqbNTIPsnWtw3E7DmDoUmDQiYi/ucJ42fcHqBk
+# bbxYDB7SYOouu9Tj1yHIohzuC8KNqfcYf7Z4/iZgkBJ+UFNDcc6zokZ2uJIxWgPW
+# XMEmhu1gMXgv8aGUsRdaCtVD2bSlbfsq7BiqljjaCun+RJgTgFRCtsuAEw0pG9+F
+# A+yQN9n/kZtMLK+Wo837Q4QOZgYqVWQ4x6cM7/G0yswg1ElLlJj6NYKLw9EcBXE7
+# TF3HybZtYvj9lDV2nT8mFSkcSkAExzd4prHwYjUXTeZIlVXqj+eaYqoMTpMrfh5M
+# CAOIG5knN4Q/JHuurfTI5XDYO962WZayx7ACFf5ydJpoEowSP07YaBiQ8nXpDkNr
+# UA9g7qf/rCkKbWpQ5boufUnq1UiYPIAHlezf4muJqxqIns/kqld6JVX8cixbd6Pz
+# kDpwZo4SlADaCi2JSplKShBSND36E/ENVv8urPS0yOnpG4tIoBGxVCARPCg1BnyM
+# J4rBJAcOSnAWd18Jx5n858JSqPECAwEAAaOCAVUwggFRMA8GA1UdEwEB/wQFMAMB
+# Af8wHQYDVR0OBBYEFN10XUwA23ufoHTKsW73PMAywHDNMB8GA1UdIwQYMBaAFLah
+# VDkCw6A/joq8+tT4HKbROg79MA4GA1UdDwEB/wQEAwIBBjATBgNVHSUEDDAKBggr
+# BgEFBQcDAzAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vY3JsLmNlcnR1bS5wbC9j
+# dG5jYTIuY3JsMGwGCCsGAQUFBwEBBGAwXjAoBggrBgEFBQcwAYYcaHR0cDovL3N1
+# YmNhLm9jc3AtY2VydHVtLmNvbTAyBggrBgEFBQcwAoYmaHR0cDovL3JlcG9zaXRv
+# cnkuY2VydHVtLnBsL2N0bmNhMi5jZXIwOQYDVR0gBDIwMDAuBgRVHSAAMCYwJAYI
+# KwYBBQUHAgEWGGh0dHA6Ly93d3cuY2VydHVtLnBsL0NQUzANBgkqhkiG9w0BAQwF
+# AAOCAgEAdYhYD+WPUCiaU58Q7EP89DttyZqGYn2XRDhJkL6P+/T0IPZyxfxiXumY
+# lARMgwRzLRUStJl490L94C9LGF3vjzzH8Jq3iR74BRlkO18J3zIdmCKQa5LyZ48I
+# fICJTZVJeChDUyuQy6rGDxLUUAsO0eqeLNhLVsgw6/zOfImNlARKn1FP7o0fTbj8
+# ipNGxHBIutiRsWrhWM2f8pXdd3x2mbJCKKtl2s42g9KUJHEIiLni9ByoqIUul4Gb
+# lLQigO0ugh7bWRLDm0CdY9rNLqyA3ahe8WlxVWkxyrQLjH8ItI17RdySaYayX3Ph
+# RSC4Am1/7mATwZWwSD+B7eMcZNhpn8zJ+6MTyE6YoEBSRVrs0zFFIHUR08Wk0ikS
+# f+lIe5Iv6RY3/bFAEloMU+vUBfSouCReZwSLo8WdrDlPXtR0gicDnytO7eZ5827N
+# S2x7gCBibESYkOh1/w1tVxTpV2Na3PR7nxYVlPu1JPoRZCbH86gc96UTvuWiOruW
+# myOEMLOGGniR+x+zPF/2DaGgK2W1eEJfo2qyrBNPvF7wuAyQfiFXLwvWHamoYtPZ
+# o0LHuH8X3n9C+xN4YaNjt2ywzOr+tKyEVAotnyU9vyEVOaIYMk3IeBrmFnn0gbKe
+# TTyYeEEUz/Qwt4HOUBCrW602NCmvO1nm+/80nLy5r0AZvCQxaQ4wgga8MIIEpKAD
+# AgECAhALrma8Wrp/lYfG+ekE4zMEMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYT
+# AlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQg
+# VHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0EwHhcNMjQw
+# OTI2MDAwMDAwWhcNMzUxMTI1MjM1OTU5WjBCMQswCQYDVQQGEwJVUzERMA8GA1UE
+# ChMIRGlnaUNlcnQxIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAyMDI0MIIC
+# IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvmpzn/aVIauWMLpbbeZZo7Xo
+# /ZEfGMSIO2qZ46XB/QowIEMSvgjEdEZ3v4vrrTHleW1JWGErrjOL0J4L0HqVR1cz
+# SzvUQ5xF7z4IQmn7dHY7yijvoQ7ujm0u6yXF2v1CrzZopykD07/9fpAT4BxpT9vJ
+# oJqAsP8YuhRvflJ9YeHjes4fduksTHulntq9WelRWY++TFPxzZrbILRYynyEy7rS
+# 1lHQKFpXvo2GePfsMRhNf1F41nyEg5h7iOXv+vjX0K8RhUisfqw3TTLHj1uhS66Y
+# X2LZPxS4oaf33rp9HlfqSBePejlYeEdU740GKQM7SaVSH3TbBL8R6HwX9QVpGnXP
+# lKdE4fBIn5BBFnV+KwPxRNUNK6lYk2y1WSKour4hJN0SMkoaNV8hyyADiX1xuTxK
+# aXN12HgR+8WulU2d6zhzXomJ2PleI9V2yfmfXSPGYanGgxzqI+ShoOGLomMd3mJt
+# 92nm7Mheng/TBeSA2z4I78JpwGpTRHiT7yHqBiV2ngUIyCtd0pZ8zg3S7bk4QC4R
+# rcnKJ3FbjyPAGogmoiZ33c1HG93Vp6lJ415ERcC7bFQMRbxqrMVANiav1k425zYy
+# FMyLNyE1QulQSgDpW9rtvVcIH7WvG9sqYup9j8z9J1XqbBZPJ5XLln8mS8wWmdDL
+# nBHXgYly/p1DhoQo5fkCAwEAAaOCAYswggGHMA4GA1UdDwEB/wQEAwIHgDAMBgNV
+# HRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMCAGA1UdIAQZMBcwCAYG
+# Z4EMAQQCMAsGCWCGSAGG/WwHATAfBgNVHSMEGDAWgBS6FtltTYUvcyl2mi91jGog
+# j57IbzAdBgNVHQ4EFgQUn1csA3cOKBWQZqVjXu5Pkh92oFswWgYDVR0fBFMwUTBP
+# oE2gS4ZJaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0
+# UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNybDCBkAYIKwYBBQUHAQEEgYMw
+# gYAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBYBggrBgEF
+# BQcwAoZMaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3Rl
+# ZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsF
+# AAOCAgEAPa0eH3aZW+M4hBJH2UOR9hHbm04IHdEoT8/T3HuBSyZeq3jSi5GXeWP7
+# xCKhVireKCnCs+8GZl2uVYFvQe+pPTScVJeCZSsMo1JCoZN2mMew/L4tpqVNbSpW
+# O9QGFwfMEy60HofN6V51sMLMXNTLfhVqs+e8haupWiArSozyAmGH/6oMQAh078qR
+# h6wvJNU6gnh5OruCP1QUAvVSu4kqVOcJVozZR5RRb/zPd++PGE3qF1P3xWvYViUJ
+# Lsxtvge/mzA75oBfFZSbdakHJe2BVDGIGVNVjOp8sNt70+kEoMF+T6tptMUNlehS
+# R7vM+C13v9+9ZOUKzfRUAYSyyEmYtsnpltD/GWX8eM70ls1V6QG/ZOB6b6Yum1Hv
+# IiulqJ1Elesj5TMHq8CWT/xrW7twipXTJ5/i5pkU5E16RSBAdOp12aw8IQhhA/vE
+# bFkEiF2abhuFixUDobZaA0VhqAsMHOmaT3XThZDNi5U2zHKhUs5uHHdG6BoQau75
+# KiNbh0c+hatSF+02kULkftARjsyEpHKsF7u5zKRbt5oK5YGwFvgc4pEVUNytmB3B
+# pIiowOIIuDgP5M9WArHYSAR16gc0dP2XdkMEP5eBsX7bf/MGN4K3HP50v/01ZHo/
+# Z5lGLvNwQ7XHBx1yomzLP8lx4Q1zZKDyHcp4VQJLu2kWTsKsOqQxggXAMIIFvAIB
+# ATBqMFYxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28gRGF0YSBTeXN0ZW1z
+# IFMuQS4xJDAiBgNVBAMTG0NlcnR1bSBDb2RlIFNpZ25pbmcgMjAyMSBDQQIQa8ZV
+# oPYKOOW8bR/WYvlgoDANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQow
+# CKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcC
+# AQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCDRDzs2Ytj0Dqx5LB+l
+# pxX4cE0yDiFZ7vG8rNTLXz+KKzANBgkqhkiG9w0BAQEFAASCAYAmmXOJQfsI38xT
+# YThT8Zio6kQKcmRUHLHq0J2JLdGFflBy76meillnESCwNczrmd1kdGRpiyxegDt3
+# 1afBoTZ5tq+3ZXW1TebagwAhp6pxoav+AVdCgvKBrzKiEisDuPQppyNGQfhTZ3sR
+# SxQLrXtPGaODfgABeYfe0xHzGKre2eEP07TY0IEFC1Ncn6k0cgP4+B4gXwRfkoHM
+# Rk2iRB1WHYzX1/BXUkp7ET+w2X5hJZYxLn8/Th9RkCxuzk8ctQVbfbuV4r6hC6Zs
+# TWorfMPF6JPMtrxAEfoDcB241xm9OnN7PnI7en7+Jq6otGwDr3k13YbxBphySY1s
+# DkNVGVQr1qaVExefm4dRO/PenInWMlduwWWSzkmdB0m0GpuxwsmXsixYyR77SU7O
+# jJ8/sTTsGNqIgS6+Mv+RLBGsHvAAedD4kPzfJMSg5yE+tFdd50sTpAgi1exuFKrW
+# c99a+xhSBMmt/oss228cbQF+2/VrwdFi3yJUWZVcfoaAdFFy092hggMgMIIDHAYJ
+# KoZIhvcNAQkGMYIDDTCCAwkCAQEwdzBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMO
+# RGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNB
+# NDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBAhALrma8Wrp/lYfG+ekE4zMEMA0G
+# CWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG
+# 9w0BCQUxDxcNMjQxMTEzMjMzOTE2WjAvBgkqhkiG9w0BCQQxIgQgu+gdumT7pwD4
+# cDnOysQNtr2j8VfIX4zHfQPV4WwSmT4wDQYJKoZIhvcNAQEBBQAEggIAB0FkcEJO
+# h2KNBz+gTFA1lq4o1Fy+2LFOvsxjNQPyimcQ0Ft4I3MmnsT3HNGuGK0Q14ojZk8j
+# 27sDCmwwG5N1nryWWxLcul2qWrPhN2dxgp22ikuCHhTU6VFFXvKpnEd4AsghbuaD
+# gAGXYglB3JKwFrPm2trD0zN4VA/RhzH/O6dvTQSdFXkOAESCvv4mG8n9BwpSSkha
+# DxHvu+lDfhIogAIjviMgq3Sbpd0R9Y9XWepr4aRbcqmwo6FVyqs4/ToSMZxcNb8g
+# yu6z9U9ioJeghEUhJPWe1m1JcgTFdValtHkG/v1j+JXBiyDziCrrKGoAZadJ83Yl
+# wHjF63hk3f4RC+xfY4IzcVnYBaaoSFvQdLbmRHJcxWho/Te7acX0K/Tr/vFVW4IW
+# DXWlqpkKTGxjHeLZrrQkURE6FPBk0UaJRYwaXpofkfvfO7/BAbf0h7s8sGku2JA1
+# wa6ck7wKCSHW9UDi9u+Q2+3GlB7vstcCO6nZ8WmswNtg87v9bU/Rd8nXAy4yYIUp
+# af1LEMEk310zN8/RJCq2ZYfZ1/XQShBFCJk97D1IeeMz64TAUdyTxquiz3V8KeqQ
+# nFm9woD/YYzv/RSU0/iSYZRAMKUCQbSZm31M1UUuKTW6bxUiRXAuEP5ltnLeGugd
+# iFgJIrU+wyu+iggEVWDsCtH4OnfLWt0iLXM=
+# SIG # End signature block
diff --git a/Private/Hardensysvol.psd1 b/Private/Hardensysvol.psd1
new file mode 100644
index 0000000..c659d99
--- /dev/null
+++ b/Private/Hardensysvol.psd1
@@ -0,0 +1,279 @@
+#
+# Manifest module for 'Harden Sysvol'
+#
+# Generated by : Mehdi Dakhama
+#
+# Generated : 11/2024
+
+@{
+ # ID du module
+ RootModule = 'HardenSysvol.psm1'
+
+ # Infos du module
+ ModuleVersion = '1.7.0'
+ GUID = '31c02f99-d8aa-4996-8c55-647041bd7bbf'
+ Author = 'DAKHAMA Mehdi'
+ CompanyName = 'HardenAD'
+ Copyright = '(c) 2024 DAKHAMA Mehdi. All rights reserved.'
+ Description = 'Harden Sysvol is a Powershell Module to scan sysvol folder to search the sensitivity data, and vulnerability.'
+ PowerShellVersion = '5.1'
+
+ # Dépendances
+ RequiredModules = @(@{
+ ModuleVersion = '0.0.180'
+ ModuleName = 'PSWriteHTML'
+ Guid = 'a7bdf640-f5cb-4acf-9de0-365b322d245c'
+ }, @{
+ ModuleVersion = '0.2.0'
+ ModuleName = 'PSWriteOffice'
+ Guid = 'd75a279d-30c2-4c2d-ae0d-12f1f3bf4d39'
+ })
+
+ FunctionsToExport = @('Invoke-Hardensysvol')
+
+ CmdletsToExport = @()
+
+ VariablesToExport = '*'
+
+ AliasesToExport = @()
+
+ PrivateData = @{
+
+ PSData = @{
+
+ Tags = @('HardenSysvol','AuditAD','AuditNetlogon','AuditSysvol','ActiveDirectory','Security','Vulnerability')
+
+ LicenseUri = 'https://github.com/dakhama-mehdi/Harden-Sysvol/blob/main/LICENSE'
+
+ ProjectUri = 'https://github.com/dakhama-mehdi/Harden-Sysvol'
+
+ IconUri = "https://github.com/dakhama-mehdi/Harden-Sysvol/blob/main/Pictures/HardenSysvol.png?raw=true"
+
+ ReleaseNotes = @'
+ 1.7.0 : Add check 7Z,Rar protected by password if 7zip is installed
+ 1.6.8 : Revise all magic number and add more total about 180 magic number
+ 1.6.7 : Add check db files, add check signing msu,cab, add check keepass files
+ Add check zip protected by password
+ 1.6.6 : Fix score
+ 1.5.0 : Support certificat cer,der,pam,p7b
+ Add Json file - Extensions binary
+ 1.4.0 : Add new options : Add/Remove Pattern - Add/Remove Extension
+ Check ZIP/RAR
+ 1.3.0 : Support PPTX, ODP, Detect MD5,SHA1,SHa256, IPv4
+ 1.2.0 : Version Beta (Fix double result)
+ 1.1.0 : Fix dependence model error
+ 1.0.0 : Version Test
+'@
+ }
+}
+ HelpInfoURI = 'https://github.com/dakhama-mehdi/Harden-Sysvol/tree/main/Docs'
+
+}
+
+# SIG # Begin signature block
+# MIImVgYJKoZIhvcNAQcCoIImRzCCJkMCAQExDzANBglghkgBZQMEAgEFADB5Bgor
+# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
+# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBV3b5VJi6b9l74
+# uY5TzhcgU0GHYF2vRuxN+hS8hEuJc6CCH+wwggWNMIIEdaADAgECAhAOmxiO+dAt
+# 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
+# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV
+# BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa
+# Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
+# dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD
+# ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+# ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E
+# MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy
+# unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF
+# xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1
+# 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB
+# MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR
+# WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6
+# nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB
+# YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S
+# UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x
+# q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB
+# NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP
+# TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC
+# AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+# Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv
+# bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0
+# aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB
+# LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc
+# Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov
+# Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy
+# oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW
+# juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF
+# mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z
+# twGpn1eqXijiuZQwggYoMIIEEKADAgECAhBrxlWg9go45bxtH9Zi+WCgMA0GCSqG
+# SIb3DQEBCwUAMFYxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28gRGF0YSBT
+# eXN0ZW1zIFMuQS4xJDAiBgNVBAMTG0NlcnR1bSBDb2RlIFNpZ25pbmcgMjAyMSBD
+# QTAeFw0yNDExMDYwOTQ0MjlaFw0yNTExMDYwOTQ0MjhaME4xCzAJBgNVBAYTAkZS
+# MQ8wDQYDVQQHDAZUb3Vsb24xFjAUBgNVBAoMDU1laGRpIERha2hhbWExFjAUBgNV
+# BAMMDU1laGRpIERha2hhbWEwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB
+# gQCsFc3e5PwEJuycVRR54Qp8hFEckVwj7u1hMc7fejXKC/oR+uixlujLAHA9NcGX
+# jcQIXNP3GmezLF3Tj6Jvcs/kNT/a5zqjI5HEfIap7EHwf03f5060+Rc21v1UDjzj
+# DZzi9xFFum8eeGLc4pTzUB3wP3+M+mY7d5QlTjIxZSNnMBisJE8ASqG9JtRcQmIz
+# HACI70xRCQVV8ZjJ8J+Shr6wkNdDy/IjR+Y9VkMRIJozWR+pqbKuQOIDBSxQYVHg
+# bT+gsLOfvHkBPJN0ZQe7eJdG7J78Z1nzNH9yXhZ0HHdPB80tUwM0HC1n4LO3kki/
+# IBmg4Qq/UyMMQd826fJk3ylbAlf8w7N80INQcLLBGVECmWI21d9f3l5usvWDa+mJ
+# ma57c6GUDY05Jg5owLgNREZsyRt5rOlg68NLmz9tuEkJA1D4ntpKq0KZc3HJv04x
+# XTcfTEqbKYr7vZ//ENsell5UdUQxL6rGJzazhsK02ZcmasICiHNLfG/tBaolCbeM
+# 8ekCAwEAAaOCAXgwggF0MAwGA1UdEwEB/wQCMAAwPQYDVR0fBDYwNDAyoDCgLoYs
+# aHR0cDovL2Njc2NhMjAyMS5jcmwuY2VydHVtLnBsL2Njc2NhMjAyMS5jcmwwcwYI
+# KwYBBQUHAQEEZzBlMCwGCCsGAQUFBzABhiBodHRwOi8vY2NzY2EyMDIxLm9jc3At
+# Y2VydHVtLmNvbTA1BggrBgEFBQcwAoYpaHR0cDovL3JlcG9zaXRvcnkuY2VydHVt
+# LnBsL2Njc2NhMjAyMS5jZXIwHwYDVR0jBBgwFoAU3XRdTADbe5+gdMqxbvc8wDLA
+# cM0wHQYDVR0OBBYEFAG3sIcT8bRm7QyFu8699Gpkr5NmMEsGA1UdIAREMEIwCAYG
+# Z4EMAQQBMDYGCyqEaAGG9ncCBQEEMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vd3d3
+# LmNlcnR1bS5wbC9DUFMwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDgYDVR0PAQH/BAQD
+# AgeAMA0GCSqGSIb3DQEBCwUAA4ICAQCJ58BnchFNGzLksJ9oHFEWTs643G+PKOHr
+# 9RmrKSB/4MtPriG5iez+MFsGqYwkYd5QzqOIYg24ctfbWXJWG8Xj+YMfp1r+hkYq
+# O0Abpv26sZ1ZjNGgGUbb3z7KqhY+IdVpZf2aG/Rycl5dE2LbhWqp9h24WfQCIS/e
+# XxH7HmM9SEBHYbfOqlEA+RF/gRGYCQOg0ui2j0ZzIOrQGj3Njn/5rzP9OmPmLt4h
+# DsixjFWgu598XmRKj5KW1MShFIjUuUzSmOWDgKA16lJi6LggdFAB/MImiDH48v8N
+# /9R9En24pUGGj2XOgBX5SZ4kj+VN1YaY1vYPFp3wLu85zpgRZgZQC+WurX8s1tRn
+# iCIj/+ajUB4G4TcbTz6k16X1Yz9ba1y7p/hJB92uDW7esMGgqzEv+Osd11bVoNmv
+# CE8Twsz0cuFJqBtVZIycCkgw/AVyJIsNS6RADi94PvbOf8rty8HV3bHmm6O4wJVc
+# 5ch50bL7JVyYTPN5OTzXSDx62wKi5ePZvEF7RX3cQlTQMYticde91khs2n2FZ06K
+# Uin5DtQgxy0Q1ufFIDZthsk5AaSWiZzFgAgJt8JaQGPyGAYl2Sr8a/gMLpcBsPwI
+# zdlDUOJwyHPxlR9ZiraUzF/1SSN7CgjqFSDAAZ+i4i8gZsPpU38GtBSLrw/CrnUB
+# /KGcFNMvszCCBq4wggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlswDQYJKoZIhvcN
+# AQELBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG
+# A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3Rl
+# ZCBSb290IEc0MB4XDTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1OVowYzELMAkG
+# A1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdp
+# Q2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTCC
+# AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9cklRVcclA8Ty
+# kTepl1Gh1tKD0Z5Mom2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+dH54PMx9QEwsm
+# c5Zt+FeoAn39Q7SE2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+QtxnjupRPfDWVtTn
+# KC3r07G1decfBmWNlCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9drMvohGS0UvJ2
+# R/dhgxndX7RUCyFobjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02DVzV5huowWR0
+# QKfAcsW6Th+xtVhNef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aPTnYVVSZwmCZ/
+# oBpHIEPjQ2OAe3VuJyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De4z6ic/rnH1ps
+# lPJSlRErWHRAKKtzQ87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPgv/CiPMpC3BhI
+# fxQ0z9JMq++bPf4OuGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIsVzV5K6jzRWC8
+# I41Y99xh3pP+OcD5sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7W4oiqMEmCPkU
+# EBIDfV8ju2TjY+Cm4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTuzuldyF4wEr1G
+# nrXTdrnSDmuZDNIztM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8ECDAGAQH/AgEA
+# MB0GA1UdDgQWBBS6FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSMEGDAWgBTs1+OC
+# 0nFdZEzfLmc/57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYB
+# BQUHAwgwdwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k
+# aWdpY2VydC5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0
+# LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDowOKA2oDSG
+# Mmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQu
+# Y3JsMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATANBgkqhkiG9w0B
+# AQsFAAOCAgEAfVmOwJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/GPvHUF3iSyn7
+# cIoNqilp/GnBzx0H6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBMYh0MCIKoFr2p
+# Vs8Vc40BIiXOlWk/R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4snuCKrOX9jLxk
+# Jodskr2dfNBwCnzvqLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKjI/rAJ4JErpkn
+# G6skHibBt94q6/aesXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HBanHZxhOACcS2
+# n82HhyS7T6NJuXdmkfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVjmScsPT9rp/Fm
+# w0HNT7ZAmyEhQNC3EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87eK1MrfvElXvt
+# Cl8zOYdBeHo46Zzh3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttvFXseGYs2uJPU
+# 5vIXmVnKcPA3v5gA3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc61RWYMbRiCQ8K
+# vYHZE/6/pNHzV9m8BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2QqYphwlHK+Z/
+# GqSFD/yYlvZVVCsfgPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3WfPwwgga5MIIE
+# oaADAgECAhEAmaOACiZVO2Wr3G6EprPqOTANBgkqhkiG9w0BAQwFADCBgDELMAkG
+# A1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAl
+# BgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMb
+# Q2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMB4XDTIxMDUxOTA1MzIxOFoXDTM2
+# MDUxODA1MzIxOFowVjELMAkGA1UEBhMCUEwxITAfBgNVBAoTGEFzc2VjbyBEYXRh
+# IFN5c3RlbXMgUy5BLjEkMCIGA1UEAxMbQ2VydHVtIENvZGUgU2lnbmluZyAyMDIx
+# IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnSPPBDAjO8FGLOcz
+# cz5jXXp1ur5cTbq96y34vuTmflN4mSAfgLKTvggv24/rWiVGzGxT9YEASVMw1Aj8
+# ewTS4IndU8s7VS5+djSoMcbvIKck6+hI1shsylP4JyLvmxwLHtSworV9wmjhNd62
+# 7h27a8RdrT1PH9ud0IF+njvMk2xqbNTIPsnWtw3E7DmDoUmDQiYi/ucJ42fcHqBk
+# bbxYDB7SYOouu9Tj1yHIohzuC8KNqfcYf7Z4/iZgkBJ+UFNDcc6zokZ2uJIxWgPW
+# XMEmhu1gMXgv8aGUsRdaCtVD2bSlbfsq7BiqljjaCun+RJgTgFRCtsuAEw0pG9+F
+# A+yQN9n/kZtMLK+Wo837Q4QOZgYqVWQ4x6cM7/G0yswg1ElLlJj6NYKLw9EcBXE7
+# TF3HybZtYvj9lDV2nT8mFSkcSkAExzd4prHwYjUXTeZIlVXqj+eaYqoMTpMrfh5M
+# CAOIG5knN4Q/JHuurfTI5XDYO962WZayx7ACFf5ydJpoEowSP07YaBiQ8nXpDkNr
+# UA9g7qf/rCkKbWpQ5boufUnq1UiYPIAHlezf4muJqxqIns/kqld6JVX8cixbd6Pz
+# kDpwZo4SlADaCi2JSplKShBSND36E/ENVv8urPS0yOnpG4tIoBGxVCARPCg1BnyM
+# J4rBJAcOSnAWd18Jx5n858JSqPECAwEAAaOCAVUwggFRMA8GA1UdEwEB/wQFMAMB
+# Af8wHQYDVR0OBBYEFN10XUwA23ufoHTKsW73PMAywHDNMB8GA1UdIwQYMBaAFLah
+# VDkCw6A/joq8+tT4HKbROg79MA4GA1UdDwEB/wQEAwIBBjATBgNVHSUEDDAKBggr
+# BgEFBQcDAzAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vY3JsLmNlcnR1bS5wbC9j
+# dG5jYTIuY3JsMGwGCCsGAQUFBwEBBGAwXjAoBggrBgEFBQcwAYYcaHR0cDovL3N1
+# YmNhLm9jc3AtY2VydHVtLmNvbTAyBggrBgEFBQcwAoYmaHR0cDovL3JlcG9zaXRv
+# cnkuY2VydHVtLnBsL2N0bmNhMi5jZXIwOQYDVR0gBDIwMDAuBgRVHSAAMCYwJAYI
+# KwYBBQUHAgEWGGh0dHA6Ly93d3cuY2VydHVtLnBsL0NQUzANBgkqhkiG9w0BAQwF
+# AAOCAgEAdYhYD+WPUCiaU58Q7EP89DttyZqGYn2XRDhJkL6P+/T0IPZyxfxiXumY
+# lARMgwRzLRUStJl490L94C9LGF3vjzzH8Jq3iR74BRlkO18J3zIdmCKQa5LyZ48I
+# fICJTZVJeChDUyuQy6rGDxLUUAsO0eqeLNhLVsgw6/zOfImNlARKn1FP7o0fTbj8
+# ipNGxHBIutiRsWrhWM2f8pXdd3x2mbJCKKtl2s42g9KUJHEIiLni9ByoqIUul4Gb
+# lLQigO0ugh7bWRLDm0CdY9rNLqyA3ahe8WlxVWkxyrQLjH8ItI17RdySaYayX3Ph
+# RSC4Am1/7mATwZWwSD+B7eMcZNhpn8zJ+6MTyE6YoEBSRVrs0zFFIHUR08Wk0ikS
+# f+lIe5Iv6RY3/bFAEloMU+vUBfSouCReZwSLo8WdrDlPXtR0gicDnytO7eZ5827N
+# S2x7gCBibESYkOh1/w1tVxTpV2Na3PR7nxYVlPu1JPoRZCbH86gc96UTvuWiOruW
+# myOEMLOGGniR+x+zPF/2DaGgK2W1eEJfo2qyrBNPvF7wuAyQfiFXLwvWHamoYtPZ
+# o0LHuH8X3n9C+xN4YaNjt2ywzOr+tKyEVAotnyU9vyEVOaIYMk3IeBrmFnn0gbKe
+# TTyYeEEUz/Qwt4HOUBCrW602NCmvO1nm+/80nLy5r0AZvCQxaQ4wgga8MIIEpKAD
+# AgECAhALrma8Wrp/lYfG+ekE4zMEMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYT
+# AlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQg
+# VHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0EwHhcNMjQw
+# OTI2MDAwMDAwWhcNMzUxMTI1MjM1OTU5WjBCMQswCQYDVQQGEwJVUzERMA8GA1UE
+# ChMIRGlnaUNlcnQxIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAyMDI0MIIC
+# IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvmpzn/aVIauWMLpbbeZZo7Xo
+# /ZEfGMSIO2qZ46XB/QowIEMSvgjEdEZ3v4vrrTHleW1JWGErrjOL0J4L0HqVR1cz
+# SzvUQ5xF7z4IQmn7dHY7yijvoQ7ujm0u6yXF2v1CrzZopykD07/9fpAT4BxpT9vJ
+# oJqAsP8YuhRvflJ9YeHjes4fduksTHulntq9WelRWY++TFPxzZrbILRYynyEy7rS
+# 1lHQKFpXvo2GePfsMRhNf1F41nyEg5h7iOXv+vjX0K8RhUisfqw3TTLHj1uhS66Y
+# X2LZPxS4oaf33rp9HlfqSBePejlYeEdU740GKQM7SaVSH3TbBL8R6HwX9QVpGnXP
+# lKdE4fBIn5BBFnV+KwPxRNUNK6lYk2y1WSKour4hJN0SMkoaNV8hyyADiX1xuTxK
+# aXN12HgR+8WulU2d6zhzXomJ2PleI9V2yfmfXSPGYanGgxzqI+ShoOGLomMd3mJt
+# 92nm7Mheng/TBeSA2z4I78JpwGpTRHiT7yHqBiV2ngUIyCtd0pZ8zg3S7bk4QC4R
+# rcnKJ3FbjyPAGogmoiZ33c1HG93Vp6lJ415ERcC7bFQMRbxqrMVANiav1k425zYy
+# FMyLNyE1QulQSgDpW9rtvVcIH7WvG9sqYup9j8z9J1XqbBZPJ5XLln8mS8wWmdDL
+# nBHXgYly/p1DhoQo5fkCAwEAAaOCAYswggGHMA4GA1UdDwEB/wQEAwIHgDAMBgNV
+# HRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMCAGA1UdIAQZMBcwCAYG
+# Z4EMAQQCMAsGCWCGSAGG/WwHATAfBgNVHSMEGDAWgBS6FtltTYUvcyl2mi91jGog
+# j57IbzAdBgNVHQ4EFgQUn1csA3cOKBWQZqVjXu5Pkh92oFswWgYDVR0fBFMwUTBP
+# oE2gS4ZJaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0
+# UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNybDCBkAYIKwYBBQUHAQEEgYMw
+# gYAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBYBggrBgEF
+# BQcwAoZMaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3Rl
+# ZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsF
+# AAOCAgEAPa0eH3aZW+M4hBJH2UOR9hHbm04IHdEoT8/T3HuBSyZeq3jSi5GXeWP7
+# xCKhVireKCnCs+8GZl2uVYFvQe+pPTScVJeCZSsMo1JCoZN2mMew/L4tpqVNbSpW
+# O9QGFwfMEy60HofN6V51sMLMXNTLfhVqs+e8haupWiArSozyAmGH/6oMQAh078qR
+# h6wvJNU6gnh5OruCP1QUAvVSu4kqVOcJVozZR5RRb/zPd++PGE3qF1P3xWvYViUJ
+# Lsxtvge/mzA75oBfFZSbdakHJe2BVDGIGVNVjOp8sNt70+kEoMF+T6tptMUNlehS
+# R7vM+C13v9+9ZOUKzfRUAYSyyEmYtsnpltD/GWX8eM70ls1V6QG/ZOB6b6Yum1Hv
+# IiulqJ1Elesj5TMHq8CWT/xrW7twipXTJ5/i5pkU5E16RSBAdOp12aw8IQhhA/vE
+# bFkEiF2abhuFixUDobZaA0VhqAsMHOmaT3XThZDNi5U2zHKhUs5uHHdG6BoQau75
+# KiNbh0c+hatSF+02kULkftARjsyEpHKsF7u5zKRbt5oK5YGwFvgc4pEVUNytmB3B
+# pIiowOIIuDgP5M9WArHYSAR16gc0dP2XdkMEP5eBsX7bf/MGN4K3HP50v/01ZHo/
+# Z5lGLvNwQ7XHBx1yomzLP8lx4Q1zZKDyHcp4VQJLu2kWTsKsOqQxggXAMIIFvAIB
+# ATBqMFYxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28gRGF0YSBTeXN0ZW1z
+# IFMuQS4xJDAiBgNVBAMTG0NlcnR1bSBDb2RlIFNpZ25pbmcgMjAyMSBDQQIQa8ZV
+# oPYKOOW8bR/WYvlgoDANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQow
+# CKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcC
+# AQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCCBRfXkBpqsgJAJPOJd
+# IZ0H3jtcH3a43iue7OAGG1dnYTANBgkqhkiG9w0BAQEFAASCAYAR4NvK+saZhr+3
+# TfhSdWMlnx+ISifrNoJYq0kPPOR+dCm4lD1B4Jkvq/iUWDM1R3Oh34J7nbJSXvEJ
+# Lm/NGyeOm8T/PYOP9Vwe8k4o8EOkuH1IF8r5Q/QeuGq3kEfDl7nEYaHngTNKic7b
+# fheiokn6oAp3OP6zS0HlkmO0xo8KmKP4W1qOYqX8sVXjIZ6WF6m5TdLI/vOsh0kt
+# JE1OSuVskkK/sR2FaOtpFokrlR0YFPBjg0voMk9/E/81hAil5HCfRpi6xNAxglNO
+# pCXLUcrjxgda9L3a9fmAbB5DkjEKvPB4RP/nIPoTpg/ZH8ILGH7OdpaRQfFOrOBD
+# xH6Inr7psQ68HNqCtNKElzhHC5+0jE9CWvV64ur6Ucd+ghyjajGY/13iCwNbJFVY
+# SgNFOcL/fMp4VSzTaGheNKM+FR5O+oFXT7ef1DQJAttF19HgCt/TZdbL9sosUfuh
+# ycVqvtIHib52u1af5djLcEpBm966W4Ti5jJUqZdijrD2vOoUFUmhggMgMIIDHAYJ
+# KoZIhvcNAQkGMYIDDTCCAwkCAQEwdzBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMO
+# RGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNB
+# NDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBAhALrma8Wrp/lYfG+ekE4zMEMA0G
+# CWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG
+# 9w0BCQUxDxcNMjQxMTEzMjMzOTE3WjAvBgkqhkiG9w0BCQQxIgQgScTpc5k+Ym5l
+# 6FFCMDXYaKba1M9TlNQ39tEFakX4eXQwDQYJKoZIhvcNAQEBBQAEggIAscfssbsg
+# wLoAWmpwYpDUm4Kxyek76QGHC5lrWg2Rz/kiI7tZs8dOpiDWupjm1ZqLPbL8RcF8
+# 0EvO6M1LRL/v2ooiuxnYRk42SNitoJbdPOpepnSZJd2Pe0OKMsX55UQ0maIKSXPU
+# biJuBBaXZj3F3EF8Wqw38ANoQlglskNmL8C6QMunE1W2KilPA2o6Q+h3qxJKPDPy
+# cvNBstClrbHfZPPN7d5mdynSaJV/oPs3IjQuDUTA2yvqZWDij5ohtKzVue9uY2G8
+# ypdDno4tte5dXPX/0MJDwKdty+sh3neLv0QrZIHgM4SViChLRWjJP426P8rLKitv
+# 88xY9dTP05zvulJ82eSj4pS5wdqPJyX6NkQcvWpFGhSsHD6wCfrNkK5n4jtJJsRN
+# 4f+V9GUD5Ck7KbBREGC8ddQd1+ecPwlqOwbXWqL4WwwBKALdmEev4a0S3DmMHrUh
+# 85QwYRW6tsVGuiYPDkY7fFQg1aObj0DMKb3s+XtOGINkqB8i111444a+rbMyBCKv
+# eIDLVHtAAYR9z3waCmG0Kf4E22M29QCNvNpV24keIAMXbFe9o/OAam7UKikUKZq1
+# TchvuNsYAsoMua4+ppuSRHtPJ6vfQNv4lm4xPNuy3ETkXY/kCx7d2zuwSytgX6gy
+# 1z/cvrHIe1zEiMXF9HfZgu9bqhvtUUA2ios=
+# SIG # End signature block
diff --git a/Public/HardenSysvol.psm1 b/Public/HardenSysvol.psm1
new file mode 100644
index 0000000..efe7274
--- /dev/null
+++ b/Public/HardenSysvol.psm1
@@ -0,0 +1,821 @@
+<#
+.SYNOPSIS
+ Sysvol Security Audit Module
+
+.DESCRIPTION
+ This module is designed to scan the Sysvol folder for files containing sensitive information, such as passwords, usernames, certificates, and configuration data.
+ It identifies potential security risks by detecting files that may expose sensitive content, such as documents, scripts, and configuration files.
+ The tool also analyzes file integrity and flags files that require additional scrutiny, helping administrators to harden their Sysvol directory and
+ Ensure a secure Active Directory environment.
+
+.VERSION
+ 1.7
+
+.Contribution
+ Credit : HardenAD Community HardenAD
+ Credit : It-connect Community It-Connect
+
+.AUTHOR
+ DAKHAMA Mehdi
+
+.PARAMETER dnsDomain
+ Specifies the DNS domain to be scanned. Defaults to the current user's DNS domain if not provided.
+
+.PARAMETER ignoreExtensions
+ Specifies file extensions to ignore during the scan.
+
+.EXAMPLE
+ # Scan the Sysvol folder of the current domain
+ Invoke-HardenSysvol
+
+ # Scan the Sysvol folder of a specific domain, ignoring .txt and .log files
+ Invoke-HardenSysvol -dnsDomain "example.com" -ignoreExtensions "txt", "log" -Addpattern admin -AddExtensions adml,admx,adm
+
+.NOTES
+ This script not requires administrative privileges to access and scan the Sysvol directory.
+
+.LINK
+ https://github.com/dakhama-mehdi/Harden-Sysvol
+#>
+
+function Invoke-HardenSysvol {
+ [CmdletBinding()]
+ Param(
+ [Parameter(Mandatory = $false)]
+ [String]$dnsDomain = $env:USERDNSDOMAIN,
+
+ [Parameter(Mandatory = $false)]
+ [String[]]$ignoreExtensions,
+
+ [Parameter(Mandatory = $false)]
+ [String[]]$AddExtensions,
+
+ [Parameter(Mandatory = $false)]
+ [String[]]$Addpattern,
+
+ [Parameter(Mandatory = $false)]
+ [String[]]$removepattern,
+
+ #Scann all extensions
+ [Parameter(ValueFromPipeline = $true, HelpMessage = "Scann all extension")]
+ [switch]$Allextensions,
+
+ #Location the report will be saved
+ [Parameter(ValueFromPipeline = $true, HelpMessage = "Enter desired directory path to save; Default: %temp%")]
+ [String]$SavePath = $env:TEMP,
+
+ #Location Custom pattern file
+ [Parameter(ValueFromPipeline = $true, HelpMessage = "Enter Custome XML file path; Default: %module%\patterns.xml")]
+ [String]
+ [ValidateScript({
+ if ($_ -match '\.xml$') {
+ return $true
+ } else {
+ throw "The file must have a .xml extension."
+ }
+ })]$Custompatterns
+ )
+
+#region script
+#region code
+
+#region load prerequist
+
+# Test access to the share
+$testpath = Test-Path "\\$dnsDomain\sysvol\"
+if ($testpath -eq $false) {
+throw "Cannot access domain or share, pls check with GCI $dnsDomain"
+}
+
+# Test Modules
+$modulesToCheck = @("PSWriteOffice", "PSWritePDF", "PSWriteHTML")
+
+foreach ($module in $modulesToCheck) {
+ try {
+ # Check if module installed
+ if (!(Get-Module -ListAvailable -Name $module)) {
+ Write-Output "Installation du module : $module."
+ install-Module -Name $module -Force -Scope CurrentUser -ErrorAction Stop
+ Write-Output "The module $module has been successfully installed"
+ } else {
+ Write-Output "Module $module is installed"
+ }
+ } catch {
+ Write-Error "Erreur lors d'installation du module $module : $_"
+ throw "Script stopped due to an error during module installation $module."
+ }
+}
+
+# Check about Word office if installed or not to read old version doc,xls
+function Is-WordInstalled {
+ try {
+ $wordApp = New-Object -ComObject Word.Application
+ # If the COM object is created successfully, Word is installed
+ [System.Runtime.Interopservices.Marshal]::ReleaseComObject($wordApp) | Out-Null
+ return $true
+ } catch {
+ return $false
+ }
+}
+
+# Checkif 7zip is installed to read rar,7z protected file by password or encrypted
+function Is-7zip {
+$sevenZipRegPath = "HKLM:\SOFTWARE\7-Zip"
+$sevenZipPath = Get-ItemProperty -Path $sevenZipRegPath -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Path
+
+if (-not $sevenZipPath) {
+ $sevenZipRegPath = "HKCU:\Software\7-Zip" #Check in HKCU
+ $sevenZipPath = Get-ItemProperty -Path $sevenZipRegPath -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Path
+}
+
+if ($sevenZipPath) {
+ return $sevenZipPath
+} else {
+ return $false
+}
+}
+
+ $wordinstalled = Is-WordInstalled
+ $zipinstalled = Is-7zip
+
+ # Removing ghost runspaces
+ $PreviousRS = get-runspace | where-object {($_.id -ne 1)}
+ if ($PreviousRS) { $PreviousRS.dispose() }
+
+ $Results = $null
+ # Script start: obtain the current date and time
+ $startDate = Get-Date
+
+ #region getxmlcontenant
+ # Retrieve file extensions from the XML file
+ $xmlFileExtensions = Join-Path -Path $PSScriptRoot -ChildPath "file_extensions.xml"
+
+ $extensionsXML = [xml](Get-Content $xmlFileExtensions -Encoding UTF8)
+
+ if (!$Allextensions) {
+ $fileExtensions = $extensionsXML.root.FileExtensions.Extension
+ } else {
+ $fileExtensions = "*.*"
+ }
+
+ if ($AddExtensions) {
+
+ $fileExtensions = [System.Collections.ArrayList]@($fileExtensions)
+
+ $AddExtensions | ForEach-Object {
+ $fileExtensions.Add("*." + $_)
+ }
+
+ }
+
+ # Retrieve password patterns from the XML file
+ if ($Custompatterns) {
+ try {
+ $CustomextensionsXML = [xml](Get-Content $Custompatterns -Encoding UTF8)
+ $passwordPatterns = $CustomextensionsXML.root.PasswordPatterns.Pattern
+ } catch {
+ Write-Error "Error while reading the custom patterns file: $_"
+ throw "The custom patterns file could not be found or is invalid."
+ }
+ }
+ else {
+ $passwordPatterns = $extensionsXML.root.PasswordPatterns.Pattern
+ }
+
+ if ($passwordPatterns.Count -eq 0) {
+ throw "The custom patterns file could not be found or is invalid."
+ }
+ if ($Addpattern) {
+ $passwordPatterns = [System.Collections.ArrayList]@($passwordPatterns)
+
+ $Addpattern | ForEach-Object {
+ $passwordPatterns.Add($_)
+ }
+ }
+ if ($removepattern) {
+ $passwordPatterns = [System.Collections.ArrayList]@($passwordPatterns)
+ $removepattern | ForEach-Object {
+ $patternToRemove = $_
+ $patternsToRemove = $passwordPatterns | Where-Object { $_ -like "*$patternToRemove*" }
+ foreach ($pattern in $patternsToRemove) {
+ $passwordPatterns.Remove($pattern)
+ }
+ }
+}
+ if ($ignoreExtensions) {
+ $ignoreExtensions = $ignoreExtensions | ForEach-Object {
+ "*." + $_
+ }
+ }
+
+ #get binary sign from json and load module path
+
+ $module = Join-Path -Path $PSScriptRoot -ChildPath "FileHandlers.psm1"
+ $jsonfile = Join-Path -Path $PSScriptRoot -ChildPath "extensions.json"
+
+ try {
+ $jsonContent = Get-Content -Path $jsonfile -Raw | ConvertFrom-Json
+ } catch {
+ throw "Script stopped due to an error during json file $_ "
+ }
+
+ # Initialize a list to store the results
+ $Results = @()
+
+ #endregion getxmlcontenant
+
+#Initialize the variables
+$notAccessibleFiles = $fichiertraite = $Results = $null
+$pool = $runspaces = $null
+
+# Pool definition (creation of slots)
+$pool = [RunspaceFactory]::CreateRunspacePool(1,10)
+$pool.ApartmentState = "MTA"
+$pool.Open()
+$runspaces = @()
+
+#endregion load prerequist
+
+# Region Scriptfunction
+$scriptblock = {
+ Param (
+ [string]$sysfiles,
+ [string[]]$passwordPatterns,
+ [string]$wordinstalled,
+ [string]$zipinstalled,
+ [string]$module,
+ [object]$jsonContent
+ )
+
+ # Import modul FileHandlers.psm1
+ Import-Module $module -Verbose
+
+ [String]$detectedType = Get-FileType -filePath $sysfiles -jsonContent $jsonContent
+
+ # Function to search pattern by extensions
+ switch ($detectedType) {
+ 'docx' {
+ $results = Get-DocxContent -filePath $sysfiles -patterns $passwordPatterns
+ }
+ 'xlsx' {
+ $results = Get-XlsxContent -filepath $sysfiles -patterns $passwordPatterns
+ }
+ 'pptx' {
+ $results = Get-PPTContent -filepath $sysfiles -patterns $passwordPatterns -wordinstalled $wordinstalled
+ }
+ 'doc' {
+ $results = Get-DocContent -filepath $sysfiles -patterns $passwordPatterns -wordinstalled $wordinstalled
+ }
+ 'xls' {
+ $results = Get-XlsContent -filepath $sysfiles -patterns $passwordPatterns -wordinstalled $wordinstalled
+ }
+ {$_ -in "odp","ods","odt"} {
+ $results = Get-OdsContent -filepath $sysfiles -patterns $passwordPatterns # Même traitement que ods
+ }
+ 'pdf' {
+ $results = Get-PdfContent -filepath $sysfiles -patterns $passwordPatterns
+ }
+ 'xml' {
+ $results = Get-XmlContent -filepath $sysfiles -patterns $passwordPatterns
+ }
+ {$_ -in "exe","dll","msi","msu","cab"} {
+ $results = Get-ExecutablesContent -filepath $sysfiles
+ }
+ {$_ -in "pfx","cer","der"} {
+ $results = Get-CertifsContent -filepath $sysfiles
+ }
+ {$_ -in "p7b","p7c","p7s"} {
+ $results = Get-P7bCertContent -filepath $sysfiles
+ }
+ {$_ -in "jpg","jpeg","bmp","webp","png","ico","gif","bmp","tif"} {
+ $results = Get-HiddenFilesInImage -filepath $sysfiles
+ }
+ {$_ -in "zip","7z","rar"} {
+ $results = Get-Zipprotectedbypass -filepath $sysfiles -zipinstalled $zipinstalled
+ }
+ 'requires_check' {
+ $results = Get-RequiredCheckContent -filepath $sysfiles
+ }
+ 'others' {
+ $results = Get-OthersContent -filepath $sysfiles -patterns $passwordPatterns
+ }
+}
+
+ # Execute the appropriate command based on the detected file type
+ return $results
+}
+
+if (Is-WordInstalled) {
+# Terminate the running Word and Excel processes to prevent double opening
+Get-process *winword* -erroraction SilentlyContinue | Stop-Process
+Get-Process excel -erroraction SilentlyContinue | Stop-Process
+}
+
+$fichiertraite = 0
+# Define the array to store inaccessible files
+$notAccessibleFiles = @()
+# Create Jobs
+
+Get-ChildItem -Path \\$dnsDomain\sysvol -Recurse -File -Include $fileExtensions -Exclude $ignoreExtensions -Force -ErrorAction SilentlyContinue -ErrorVariable notacess | ForEach-Object {
+
+if ($notacess) {
+ Write-Output $notacess -ForegroundColor Red
+ $errorDetails = [PSCustomObject]@{
+ FilePath = $_.FullName
+ Error = $notacess
+ }
+ $notAccessibleFiles += $errorDetails
+ $notacess = $null
+ } else {
+
+$fichiertraite++
+$sysfiles = $_.FullName
+
+#clear
+Write-Host scans : $sysfiles -ForegroundColor Cyan
+$keepscrenn += "scans :" + $sysfiles
+
+
+$runspace = [PowerShell]::Create()
+$null = $runspace.AddScript($scriptblock)
+$null = $runspace.AddArgument($sysfiles)
+$null = $runspace.AddArgument($passwordPatterns)
+$null = $runspace.AddArgument($wordinstalled)
+$null = $runspace.AddArgument($zipinstalled)
+$null = $runspace.AddArgument($module)
+$null = $runspace.AddArgument($jsonContent)
+$runspace.RunspacePool = $pool
+$runspaces += [PSCustomObject]@{ Pipe = $runspace; Status = $runspace.BeginInvoke() }
+}
+}
+
+Write-Host "scan finished prepare analyse ..." -ForegroundColor Green
+
+# Display the slots and current statistic
+ while ($runspaces.Status -ne $null) {
+
+ Start-Sleep 2
+ Clear-Host
+
+ $slt_tot = Get-Runspace | Where-Object { $_.Id -ne 1 -and $_.RunspaceIsRemote -eq $false }
+ $slt_encours = Get-Runspace | Where-Object { $_.Id -ne 1 -and $_.RunspaceAvailability -like "InUse" }
+
+ Write-Host "All Objects = " $runspaces.Count
+ Write-Host "Total Slots = " $slt_tot.Count
+ Write-Host "Used SLots= " $slt_encours.Count
+ Write-Host "Remaining objects =" ($runspaces | Where-Object { $_.Status.IsCompleted -eq $false }).Count
+
+ $completed = $runspaces | Where-Object { $_.Status.IsCompleted -eq $true }
+
+ foreach ($runspace in $completed) {
+ $Results += $runspace.Pipe.EndInvoke($runspace.Status)
+ $runspace.Status = $null
+ }
+ }
+
+#endregion code
+
+#region summary
+Write-Host "Scan completed, calculating statistics" -ForegroundColor Green
+
+# Sort results in unique mode
+$Results = $Results | Select-Object -Unique FilePath, pattern, Reason
+
+$sortedGroups = $Results.filepath | Group-Object | Sort-Object -Property Count -Descending
+
+# Select the first 5 Path
+$top5path = $sortedGroups | Select-Object Count,Name -First 5
+
+# Remove commun domain path
+$commonPath = "\\$dnsDomain\sysvol\$dnsDomain"
+$top5path = $top5path | ForEach-Object {
+ $_.Name = $_.Name -replace [regex]::Escape($commonPath), '' -replace ("\\"), '\\'
+ $_
+}
+
+# Top 5 words
+$top5Words= $Results.pattern | Group-Object | Sort-Object -Property Count -Descending | Select-Object Count,name -First 5
+
+# Skip default GPO policy password settings
+$FilteredResults = $Results | Where-Object {
+ -not ($_."FilePath" -match '\\Windows NT\\SecEdit\\GptTmpl\.inf' -and $_.Reason -match 'MinimumPasswordAge|MaximumPasswordAge|MinimumPasswordLength|PasswordComplexity|PasswordHistorySize|RequireLogonToChangePassword|ClearTextPassword')
+}
+$Allwords = $FilteredResults | Group-Object -Property pattern | Sort-Object -Property Count -Descending | Select-Object Count, Name
+
+#Number found objects
+$Objectfound = 0
+$Objectfound = $sortedGroups.Count
+
+# Group file paths by file extension
+$groupedFiles = $sortedGroups.name | Group-Object -Property { ($_ -split "\.")[-1] } | select Count,name
+
+# End of the script: obtain the current date and time
+$endDate = Get-Date
+
+# Calculate the time difference
+$elapsedTime = New-TimeSpan -Start $startDate -End $endDate
+$elapsedTime = $($elapsedTime.ToString("hh\:mm\:ss"))
+
+#region Calcul potentiel risk
+# Assume that $top5Groups, $Allwords, and $Objectfound are already defined"
+$totalRisk = 0
+
+# Assess the risk based on the number of files containing passwords
+if ($Objectfound -gt 20) {
+ $totalRisk += 10
+} else {
+ $totalRisk += ($Objectfound/20) * 10
+}
+
+# Iterate through the keywords in $Allwords and adjust the risk score
+foreach ($word in $Allwords) {
+ switch -Regex ($word.Name) {
+ "AutoLogon|cpassword" {
+ $totalRisk += 7 * $word.Count
+ break
+ }
+ "Password|Pass|\bpass\b|\bpwd\b" {
+ $totalRisk += 3 * $word.Count
+ break
+ }
+ "net use|net user|NotSigned|check required" {
+ $totalRisk += 3 * $word.Count
+ break
+ }
+ "sha1|md5" {
+ $totalRisk += 5 * $word.Count
+ break
+ }
+ "credentials|\bsecret\b|IPv4" {
+ $totalRisk += 2 * $word.Count
+ break
+ }
+ }
+}
+
+# Limited score to 100%
+if ($totalRisk -gt 100) {
+ $totalRisk = 100
+}
+
+#endregion Calcul potentiel risk
+
+#endregion Summary
+
+# Close all Slots and pool
+$pool.Close()
+$pool.Dispose()
+
+#endregion Script
+
+#region HTML
+
+$logo = "https://github.com/dakhama-mehdi/Harden-Sysvol/blob/main/Pictures/HardenSysvol.png?raw=true"
+$rightlogo = "https://github.com/dakhama-mehdi/Harden-Sysvol/blob/main/Pictures/Rightlogo.png?raw=true"
+
+# Generate HTML report
+Write-Host "Generate HTML" -ForegroundColor Green
+
+[String]$SavePath = $SavePath + '\hardensysvol.html'
+
+New-HTML -TitleText 'HardenSysvol' -FilePath $SavePath -ShowHTML:$true {
+ New-HTMLHeader {
+ New-HTMLSection -Invisible {
+ New-HTMLPanel -Invisible {
+ New-HTMLText -Text "Domain : $($dnsDomain)" -Alignment left -FontSize 30 -FontWeight 100 -Color Blue
+ New-HTMLText -Text "Report date: $startDate" -Alignment left -FontSize 15
+ New-HTMLText -Text "Elapsed : $elapsedTime" -Alignment left -FontSize 15
+ } -AlignContentText left
+ New-HTMLPanel -Invisible -AlignContentText right {
+ New-HTMLImage -Source $logo -Class 'otehr' -Width 30% -Height 20%
+ }
+
+ }
+ }
+ New-HTMLTab -Name 'Tab 1 : Dashboard' -IconRegular chart-bar {
+ New-HTMLTabStyle -BackgroundColorActive Teal
+ New-HTMLSection -Width "80%" -Invisible {
+ New-HTMLSection -Width "40%" -Invisible {
+ New-HTMLGage -Label 'Indicator Risk' -MinValue 0 -MaxValue 100 -Value $totalRisk -ValueColor Black -LabelColor Black -Pointer -StrokeColor Akaroa -SectorColors AirForceBlue
+ }
+ New-HTMLSection -Width "60%" -name 'Total processed' -HeaderBackGroundColor Teal {
+ New-HTMLChart -Gradient -TitleAlignment center -Height 200 {
+ New-ChartTheme -Palette palette4
+ New-ChartPie -Name 'Total objects' -Value $runspaces.count
+ New-ChartPie -Name 'Found objects' -Value $Objectfound
+ }
+ }
+ New-HTMLSection -Width "60%" -name 'Extensions by type' -HeaderBackGroundColor Teal {
+ if ($groupedFiles) {
+ New-HTMLChart -Gradient -TitleAlignment center -Height 200 {
+ New-ChartTheme -Mode light
+ foreach ($grpfiles in $groupedFiles) {
+ New-ChartPie -Name $grpfiles.name -Value $grpfiles.count
+ }
+ }
+ }
+ }
+ }
+ New-HTMLSection -name 'Resume' -HeaderBackGroundColor Teal {
+ New-HTMLPanel {
+ if ($top5path) {
+ New-HTMLChart -Title 'Top 5 Files' -TitleAlignment center -Height "140%" {
+ $legendNames = @()
+ $chartValues = @()
+ foreach ($word in $top5path) {
+ $legendNames += $word.name
+ $chartValues += $word.count
+ }
+ New-ChartToolbar -Download pan
+ New-ChartLegend -Name $legendNames -HideLegend
+ New-ChartBarOptions -Type barStacked
+ New-ChartBar -Name 'Path' -Value $chartValues
+ }
+ }
+ else { New-HTMLText -FontSize 20px -Text "
Top files
No data" -Alignment center -Color Grey }
+ }
+ New-HTMLPanel {
+ if ($top5Words) {
+ New-HTMLChart -Title 'Top 5 Reason' -TitleAlignment Center -Height 100% {
+ $legendNames = @()
+ $chartValues = @()
+ foreach ($word in $top5Words) {
+ $legendNames += $word.name
+ $chartValues += $word.count
+ }
+ New-ChartToolbar -Download -Pan
+ New-ChartBarOptions -Gradient
+ New-ChartLegend -Name $legendNames -HideLegend
+ New-ChartBar -Name 'Pattern' -Value $chartValues
+ }
+ }
+ else { New-HTMLText -FontSize 20px -Text "
Top reason
No data" -Alignment center -Color Grey }
+ }
+ New-HTMLPanel -Width "70%" {
+ New-HTMLList {
+ New-HTMLListItem -Text 'Harden-Sysvol _ Version : 1.7 _ Release : 10/2024'
+ New-HTMLListItem -Text 'Author : Dakhama Mehdi
+
Credit : HardenAD Community [HardenAD](https://www.hardenad.net/)
+
Credit : It-connect Community [It-Connect](https://www.it-connect.fr/)
+
Thanks : Przemyslaw Klys [Evotec](https://evotec.xyz) for Module PSWriteHTML/PswriteOffice'
+ } -FontSize 14
+ }
+
+ }
+ New-HTMLSection -Width "60%" -HeaderBackGroundColor Teal -name 'Tips & Best pratices' {
+ New-HTMLPanel -Width "60%" {
+ New-HTMLImage -Source $rightlogo
+ }
+ New-HTMLPanel {
+ New-HTMLTabPanel -Orientation vertical -Theme 'pills' {
+ New-HTMLTab -Name 'Why check Sysvol' -IconBrands 500px {
+ New-HTMLText -FontSize 18px -Text "The Sysvol folder is crucial for distributing scripts and Group Policy Objects (GPOs) to all domain computers.
+ It may contain sensitive information, such as plain-text passwords, making it a prime target for attackers.
+
A vulnerability in Sysvol can compromise the entire domain. Therefore, it is essential to restrict permissions, monitor changes,
+ and regularly audit its contents to ensure network security and compliance."
+ }
+ New-HTMLTab -Name 'Audit GPO' -IconBrands 500px {
+ New-HTMLText -FontSize 18px -Text "Regularly audit GPOs to verify their contents, such as plain-text passwords in configuration files or auto-logon scripts,
+ and the presence of unsigned sources.
Frequently run the GPOZaurr tool, which provides a comprehensive report to help identify and mitigate these risks.
+
[GPOZaurr](https://github.com/EvotecIT/GPOZaurr/)
"
+ }
+ New-HTMLTab -Name 'Best Pratic' -IconBrands 500px {
+ New-HTMLText -FontSize 18px -Text "Enable audits on the Sysvol folder and monitor logs for multiple search attempts, as this may indicate enumeration attempts.
+ Some elements in the Sysvol folder are not meant to be accessed by everyone. If possible, place a honeypot script in the Netlogon folder to trigger alerts for suspicious activity.
+
[Autologon](https://learn.microsoft.com/fr-fr/sysinternals/downloads/autologon/)
"
+ }
+ New-HTMLTab -Name 'Tips ' -IconBrands 500px {
+ New-HTMLText -FontSize 18px -Text "Do not store large files, such as ISO or .zip files, in the Sysvol folder. This can lead to replication issues and unnecessary consumption of storage resources, impacting the performance and reliability of your network
Move your scripts to a shared folder and grant access only to the relevant groups, not authenticated users. This will reduce vulnerabilities, especially if the scripts contain credentials or deploy critical applications."
+ }
+ New-HTMLTab -Name 'Hardening AD' -IconBrands 500px {
+ New-HTMLText -FontSize 18px -Text "Use AD hardening to ensure security and reduce risks.
Disable old protocols like SMB1 and anonymous enumeration on DC shares.
+
Implement an N-tier architecture model, a PAW, and Silos.
+ To facilitate this, refer to the HardenAD project.
+
[HardenAD](https://github.com/LoicVeirman/HardenAD/)
"
+ }
+ }
+ }
+ }
+ }
+ New-HTMLTab -Name 'Tab 2 : Details' -IconSolid user-alt {
+ New-HTMLSection -Invisible {
+ New-HTMLTableOption -DataStore JavaScript
+ New-htmlTable -HideFooter -DataTable $Results -TextWhenNoData 'Information: No sentivity data found'
+ }
+ New-HTMLSection -HeaderBackGroundColor CarrotOrange -HeaderText 'Errors log' {
+ New-HTMLTableOption -DataStore JavaScript
+ New-htmlTable -HideFooter -DataTable $notAccessibleFiles -TextWhenNoData 'No errors during scanning'
+ }
+ }
+}
+
+#endregion HTML
+
+}
+# SIG # Begin signature block
+# MIImVgYJKoZIhvcNAQcCoIImRzCCJkMCAQExDzANBglghkgBZQMEAgEFADB5Bgor
+# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
+# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBJGo2+C4C2eMCc
+# U8TdC/kYg4/ha4xBvAohM4/yrceSJaCCH+wwggWNMIIEdaADAgECAhAOmxiO+dAt
+# 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
+# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV
+# BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa
+# Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
+# dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD
+# ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+# ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E
+# MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy
+# unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF
+# xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1
+# 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB
+# MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR
+# WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6
+# nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB
+# YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S
+# UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x
+# q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB
+# NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP
+# TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC
+# AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp
+# Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv
+# bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0
+# aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB
+# LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc
+# Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov
+# Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy
+# oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW
+# juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF
+# mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z
+# twGpn1eqXijiuZQwggYoMIIEEKADAgECAhBrxlWg9go45bxtH9Zi+WCgMA0GCSqG
+# SIb3DQEBCwUAMFYxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28gRGF0YSBT
+# eXN0ZW1zIFMuQS4xJDAiBgNVBAMTG0NlcnR1bSBDb2RlIFNpZ25pbmcgMjAyMSBD
+# QTAeFw0yNDExMDYwOTQ0MjlaFw0yNTExMDYwOTQ0MjhaME4xCzAJBgNVBAYTAkZS
+# MQ8wDQYDVQQHDAZUb3Vsb24xFjAUBgNVBAoMDU1laGRpIERha2hhbWExFjAUBgNV
+# BAMMDU1laGRpIERha2hhbWEwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB
+# gQCsFc3e5PwEJuycVRR54Qp8hFEckVwj7u1hMc7fejXKC/oR+uixlujLAHA9NcGX
+# jcQIXNP3GmezLF3Tj6Jvcs/kNT/a5zqjI5HEfIap7EHwf03f5060+Rc21v1UDjzj
+# DZzi9xFFum8eeGLc4pTzUB3wP3+M+mY7d5QlTjIxZSNnMBisJE8ASqG9JtRcQmIz
+# HACI70xRCQVV8ZjJ8J+Shr6wkNdDy/IjR+Y9VkMRIJozWR+pqbKuQOIDBSxQYVHg
+# bT+gsLOfvHkBPJN0ZQe7eJdG7J78Z1nzNH9yXhZ0HHdPB80tUwM0HC1n4LO3kki/
+# IBmg4Qq/UyMMQd826fJk3ylbAlf8w7N80INQcLLBGVECmWI21d9f3l5usvWDa+mJ
+# ma57c6GUDY05Jg5owLgNREZsyRt5rOlg68NLmz9tuEkJA1D4ntpKq0KZc3HJv04x
+# XTcfTEqbKYr7vZ//ENsell5UdUQxL6rGJzazhsK02ZcmasICiHNLfG/tBaolCbeM
+# 8ekCAwEAAaOCAXgwggF0MAwGA1UdEwEB/wQCMAAwPQYDVR0fBDYwNDAyoDCgLoYs
+# aHR0cDovL2Njc2NhMjAyMS5jcmwuY2VydHVtLnBsL2Njc2NhMjAyMS5jcmwwcwYI
+# KwYBBQUHAQEEZzBlMCwGCCsGAQUFBzABhiBodHRwOi8vY2NzY2EyMDIxLm9jc3At
+# Y2VydHVtLmNvbTA1BggrBgEFBQcwAoYpaHR0cDovL3JlcG9zaXRvcnkuY2VydHVt
+# LnBsL2Njc2NhMjAyMS5jZXIwHwYDVR0jBBgwFoAU3XRdTADbe5+gdMqxbvc8wDLA
+# cM0wHQYDVR0OBBYEFAG3sIcT8bRm7QyFu8699Gpkr5NmMEsGA1UdIAREMEIwCAYG
+# Z4EMAQQBMDYGCyqEaAGG9ncCBQEEMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vd3d3
+# LmNlcnR1bS5wbC9DUFMwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDgYDVR0PAQH/BAQD
+# AgeAMA0GCSqGSIb3DQEBCwUAA4ICAQCJ58BnchFNGzLksJ9oHFEWTs643G+PKOHr
+# 9RmrKSB/4MtPriG5iez+MFsGqYwkYd5QzqOIYg24ctfbWXJWG8Xj+YMfp1r+hkYq
+# O0Abpv26sZ1ZjNGgGUbb3z7KqhY+IdVpZf2aG/Rycl5dE2LbhWqp9h24WfQCIS/e
+# XxH7HmM9SEBHYbfOqlEA+RF/gRGYCQOg0ui2j0ZzIOrQGj3Njn/5rzP9OmPmLt4h
+# DsixjFWgu598XmRKj5KW1MShFIjUuUzSmOWDgKA16lJi6LggdFAB/MImiDH48v8N
+# /9R9En24pUGGj2XOgBX5SZ4kj+VN1YaY1vYPFp3wLu85zpgRZgZQC+WurX8s1tRn
+# iCIj/+ajUB4G4TcbTz6k16X1Yz9ba1y7p/hJB92uDW7esMGgqzEv+Osd11bVoNmv
+# CE8Twsz0cuFJqBtVZIycCkgw/AVyJIsNS6RADi94PvbOf8rty8HV3bHmm6O4wJVc
+# 5ch50bL7JVyYTPN5OTzXSDx62wKi5ePZvEF7RX3cQlTQMYticde91khs2n2FZ06K
+# Uin5DtQgxy0Q1ufFIDZthsk5AaSWiZzFgAgJt8JaQGPyGAYl2Sr8a/gMLpcBsPwI
+# zdlDUOJwyHPxlR9ZiraUzF/1SSN7CgjqFSDAAZ+i4i8gZsPpU38GtBSLrw/CrnUB
+# /KGcFNMvszCCBq4wggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlswDQYJKoZIhvcN
+# AQELBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG
+# A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3Rl
+# ZCBSb290IEc0MB4XDTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1OVowYzELMAkG
+# A1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdp
+# Q2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTCC
+# AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9cklRVcclA8Ty
+# kTepl1Gh1tKD0Z5Mom2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+dH54PMx9QEwsm
+# c5Zt+FeoAn39Q7SE2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+QtxnjupRPfDWVtTn
+# KC3r07G1decfBmWNlCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9drMvohGS0UvJ2
+# R/dhgxndX7RUCyFobjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02DVzV5huowWR0
+# QKfAcsW6Th+xtVhNef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aPTnYVVSZwmCZ/
+# oBpHIEPjQ2OAe3VuJyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De4z6ic/rnH1ps
+# lPJSlRErWHRAKKtzQ87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPgv/CiPMpC3BhI
+# fxQ0z9JMq++bPf4OuGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIsVzV5K6jzRWC8
+# I41Y99xh3pP+OcD5sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7W4oiqMEmCPkU
+# EBIDfV8ju2TjY+Cm4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTuzuldyF4wEr1G
+# nrXTdrnSDmuZDNIztM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8ECDAGAQH/AgEA
+# MB0GA1UdDgQWBBS6FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSMEGDAWgBTs1+OC
+# 0nFdZEzfLmc/57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYB
+# BQUHAwgwdwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k
+# aWdpY2VydC5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0
+# LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDowOKA2oDSG
+# Mmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQu
+# Y3JsMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATANBgkqhkiG9w0B
+# AQsFAAOCAgEAfVmOwJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/GPvHUF3iSyn7
+# cIoNqilp/GnBzx0H6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBMYh0MCIKoFr2p
+# Vs8Vc40BIiXOlWk/R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4snuCKrOX9jLxk
+# Jodskr2dfNBwCnzvqLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKjI/rAJ4JErpkn
+# G6skHibBt94q6/aesXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HBanHZxhOACcS2
+# n82HhyS7T6NJuXdmkfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVjmScsPT9rp/Fm
+# w0HNT7ZAmyEhQNC3EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87eK1MrfvElXvt
+# Cl8zOYdBeHo46Zzh3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttvFXseGYs2uJPU
+# 5vIXmVnKcPA3v5gA3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc61RWYMbRiCQ8K
+# vYHZE/6/pNHzV9m8BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2QqYphwlHK+Z/
+# GqSFD/yYlvZVVCsfgPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3WfPwwgga5MIIE
+# oaADAgECAhEAmaOACiZVO2Wr3G6EprPqOTANBgkqhkiG9w0BAQwFADCBgDELMAkG
+# A1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAl
+# BgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMb
+# Q2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMB4XDTIxMDUxOTA1MzIxOFoXDTM2
+# MDUxODA1MzIxOFowVjELMAkGA1UEBhMCUEwxITAfBgNVBAoTGEFzc2VjbyBEYXRh
+# IFN5c3RlbXMgUy5BLjEkMCIGA1UEAxMbQ2VydHVtIENvZGUgU2lnbmluZyAyMDIx
+# IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnSPPBDAjO8FGLOcz
+# cz5jXXp1ur5cTbq96y34vuTmflN4mSAfgLKTvggv24/rWiVGzGxT9YEASVMw1Aj8
+# ewTS4IndU8s7VS5+djSoMcbvIKck6+hI1shsylP4JyLvmxwLHtSworV9wmjhNd62
+# 7h27a8RdrT1PH9ud0IF+njvMk2xqbNTIPsnWtw3E7DmDoUmDQiYi/ucJ42fcHqBk
+# bbxYDB7SYOouu9Tj1yHIohzuC8KNqfcYf7Z4/iZgkBJ+UFNDcc6zokZ2uJIxWgPW
+# XMEmhu1gMXgv8aGUsRdaCtVD2bSlbfsq7BiqljjaCun+RJgTgFRCtsuAEw0pG9+F
+# A+yQN9n/kZtMLK+Wo837Q4QOZgYqVWQ4x6cM7/G0yswg1ElLlJj6NYKLw9EcBXE7
+# TF3HybZtYvj9lDV2nT8mFSkcSkAExzd4prHwYjUXTeZIlVXqj+eaYqoMTpMrfh5M
+# CAOIG5knN4Q/JHuurfTI5XDYO962WZayx7ACFf5ydJpoEowSP07YaBiQ8nXpDkNr
+# UA9g7qf/rCkKbWpQ5boufUnq1UiYPIAHlezf4muJqxqIns/kqld6JVX8cixbd6Pz
+# kDpwZo4SlADaCi2JSplKShBSND36E/ENVv8urPS0yOnpG4tIoBGxVCARPCg1BnyM
+# J4rBJAcOSnAWd18Jx5n858JSqPECAwEAAaOCAVUwggFRMA8GA1UdEwEB/wQFMAMB
+# Af8wHQYDVR0OBBYEFN10XUwA23ufoHTKsW73PMAywHDNMB8GA1UdIwQYMBaAFLah
+# VDkCw6A/joq8+tT4HKbROg79MA4GA1UdDwEB/wQEAwIBBjATBgNVHSUEDDAKBggr
+# BgEFBQcDAzAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vY3JsLmNlcnR1bS5wbC9j
+# dG5jYTIuY3JsMGwGCCsGAQUFBwEBBGAwXjAoBggrBgEFBQcwAYYcaHR0cDovL3N1
+# YmNhLm9jc3AtY2VydHVtLmNvbTAyBggrBgEFBQcwAoYmaHR0cDovL3JlcG9zaXRv
+# cnkuY2VydHVtLnBsL2N0bmNhMi5jZXIwOQYDVR0gBDIwMDAuBgRVHSAAMCYwJAYI
+# KwYBBQUHAgEWGGh0dHA6Ly93d3cuY2VydHVtLnBsL0NQUzANBgkqhkiG9w0BAQwF
+# AAOCAgEAdYhYD+WPUCiaU58Q7EP89DttyZqGYn2XRDhJkL6P+/T0IPZyxfxiXumY
+# lARMgwRzLRUStJl490L94C9LGF3vjzzH8Jq3iR74BRlkO18J3zIdmCKQa5LyZ48I
+# fICJTZVJeChDUyuQy6rGDxLUUAsO0eqeLNhLVsgw6/zOfImNlARKn1FP7o0fTbj8
+# ipNGxHBIutiRsWrhWM2f8pXdd3x2mbJCKKtl2s42g9KUJHEIiLni9ByoqIUul4Gb
+# lLQigO0ugh7bWRLDm0CdY9rNLqyA3ahe8WlxVWkxyrQLjH8ItI17RdySaYayX3Ph
+# RSC4Am1/7mATwZWwSD+B7eMcZNhpn8zJ+6MTyE6YoEBSRVrs0zFFIHUR08Wk0ikS
+# f+lIe5Iv6RY3/bFAEloMU+vUBfSouCReZwSLo8WdrDlPXtR0gicDnytO7eZ5827N
+# S2x7gCBibESYkOh1/w1tVxTpV2Na3PR7nxYVlPu1JPoRZCbH86gc96UTvuWiOruW
+# myOEMLOGGniR+x+zPF/2DaGgK2W1eEJfo2qyrBNPvF7wuAyQfiFXLwvWHamoYtPZ
+# o0LHuH8X3n9C+xN4YaNjt2ywzOr+tKyEVAotnyU9vyEVOaIYMk3IeBrmFnn0gbKe
+# TTyYeEEUz/Qwt4HOUBCrW602NCmvO1nm+/80nLy5r0AZvCQxaQ4wgga8MIIEpKAD
+# AgECAhALrma8Wrp/lYfG+ekE4zMEMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYT
+# AlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQg
+# VHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0EwHhcNMjQw
+# OTI2MDAwMDAwWhcNMzUxMTI1MjM1OTU5WjBCMQswCQYDVQQGEwJVUzERMA8GA1UE
+# ChMIRGlnaUNlcnQxIDAeBgNVBAMTF0RpZ2lDZXJ0IFRpbWVzdGFtcCAyMDI0MIIC
+# IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvmpzn/aVIauWMLpbbeZZo7Xo
+# /ZEfGMSIO2qZ46XB/QowIEMSvgjEdEZ3v4vrrTHleW1JWGErrjOL0J4L0HqVR1cz
+# SzvUQ5xF7z4IQmn7dHY7yijvoQ7ujm0u6yXF2v1CrzZopykD07/9fpAT4BxpT9vJ
+# oJqAsP8YuhRvflJ9YeHjes4fduksTHulntq9WelRWY++TFPxzZrbILRYynyEy7rS
+# 1lHQKFpXvo2GePfsMRhNf1F41nyEg5h7iOXv+vjX0K8RhUisfqw3TTLHj1uhS66Y
+# X2LZPxS4oaf33rp9HlfqSBePejlYeEdU740GKQM7SaVSH3TbBL8R6HwX9QVpGnXP
+# lKdE4fBIn5BBFnV+KwPxRNUNK6lYk2y1WSKour4hJN0SMkoaNV8hyyADiX1xuTxK
+# aXN12HgR+8WulU2d6zhzXomJ2PleI9V2yfmfXSPGYanGgxzqI+ShoOGLomMd3mJt
+# 92nm7Mheng/TBeSA2z4I78JpwGpTRHiT7yHqBiV2ngUIyCtd0pZ8zg3S7bk4QC4R
+# rcnKJ3FbjyPAGogmoiZ33c1HG93Vp6lJ415ERcC7bFQMRbxqrMVANiav1k425zYy
+# FMyLNyE1QulQSgDpW9rtvVcIH7WvG9sqYup9j8z9J1XqbBZPJ5XLln8mS8wWmdDL
+# nBHXgYly/p1DhoQo5fkCAwEAAaOCAYswggGHMA4GA1UdDwEB/wQEAwIHgDAMBgNV
+# HRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMCAGA1UdIAQZMBcwCAYG
+# Z4EMAQQCMAsGCWCGSAGG/WwHATAfBgNVHSMEGDAWgBS6FtltTYUvcyl2mi91jGog
+# j57IbzAdBgNVHQ4EFgQUn1csA3cOKBWQZqVjXu5Pkh92oFswWgYDVR0fBFMwUTBP
+# oE2gS4ZJaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0
+# UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNybDCBkAYIKwYBBQUHAQEEgYMw
+# gYAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBYBggrBgEF
+# BQcwAoZMaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3Rl
+# ZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsF
+# AAOCAgEAPa0eH3aZW+M4hBJH2UOR9hHbm04IHdEoT8/T3HuBSyZeq3jSi5GXeWP7
+# xCKhVireKCnCs+8GZl2uVYFvQe+pPTScVJeCZSsMo1JCoZN2mMew/L4tpqVNbSpW
+# O9QGFwfMEy60HofN6V51sMLMXNTLfhVqs+e8haupWiArSozyAmGH/6oMQAh078qR
+# h6wvJNU6gnh5OruCP1QUAvVSu4kqVOcJVozZR5RRb/zPd++PGE3qF1P3xWvYViUJ
+# Lsxtvge/mzA75oBfFZSbdakHJe2BVDGIGVNVjOp8sNt70+kEoMF+T6tptMUNlehS
+# R7vM+C13v9+9ZOUKzfRUAYSyyEmYtsnpltD/GWX8eM70ls1V6QG/ZOB6b6Yum1Hv
+# IiulqJ1Elesj5TMHq8CWT/xrW7twipXTJ5/i5pkU5E16RSBAdOp12aw8IQhhA/vE
+# bFkEiF2abhuFixUDobZaA0VhqAsMHOmaT3XThZDNi5U2zHKhUs5uHHdG6BoQau75
+# KiNbh0c+hatSF+02kULkftARjsyEpHKsF7u5zKRbt5oK5YGwFvgc4pEVUNytmB3B
+# pIiowOIIuDgP5M9WArHYSAR16gc0dP2XdkMEP5eBsX7bf/MGN4K3HP50v/01ZHo/
+# Z5lGLvNwQ7XHBx1yomzLP8lx4Q1zZKDyHcp4VQJLu2kWTsKsOqQxggXAMIIFvAIB
+# ATBqMFYxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28gRGF0YSBTeXN0ZW1z
+# IFMuQS4xJDAiBgNVBAMTG0NlcnR1bSBDb2RlIFNpZ25pbmcgMjAyMSBDQQIQa8ZV
+# oPYKOOW8bR/WYvlgoDANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQow
+# CKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcC
+# AQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCCF+TYonhoxdHbDSDAI
+# KaEFdM8uqGTSHoRzEkgRlFsL0TANBgkqhkiG9w0BAQEFAASCAYClAqp2hQkMJlrr
+# t2uCWX455pMmYzpYadAq6SnoOQUSUGfD+MWLBeaUhwPz2u5kM1Fwn92GLASmCAuC
+# AisQrp72H+N2S352/XKzxtz8MdFtNDOYKkF0sW8O+17TUzDZ2wxMub1LgwlPrzpx
+# wvWWiLxDu+B0FemZZd+QsVmadbRiqMHowDKRZPDK1qSvDzw4zLSNidULbBGd4+KF
+# SAv/f/f4XOTBq+4FStekDXfAVbYytI5Ms/zkg4dMBC6kUdrcQ9pvKn4QDsOl3N0w
+# SltLjs5F5VRRcZN3vhCfADTPFzh1VtIvzyc+Xm08Q42TBXcjbMLfQy1/BANI2ktR
+# YYWe506lyopqP0ZB4ibhTnc+peoRPHUaCsUKw/mjnBMLJGKzYhEZ9qmAFxmoNDOg
+# 67LKYGXPYfdgRgENc7v4e6FjUjXL2VUGJKX/VqcpJC2Bt1vqbC+YIM1LcEe1gh72
+# pjhmt+y5liTRhwGWtAIfyjHWP+a6NILMzHjfRzLwUcll6Ax9Nx+hggMgMIIDHAYJ
+# KoZIhvcNAQkGMYIDDTCCAwkCAQEwdzBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMO
+# RGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNB
+# NDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBAhALrma8Wrp/lYfG+ekE4zMEMA0G
+# CWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG
+# 9w0BCQUxDxcNMjQxMTEzMjMzOTE4WjAvBgkqhkiG9w0BCQQxIgQgAkM7xXQrYAPH
+# +ptJCDKHG8T/PplcUYjlSY0G6c3qnNkwDQYJKoZIhvcNAQEBBQAEggIAImj2st6X
+# M9vWBj7br8OW8yrnZXGo49D+7OO32BfeEjkLxgobPv/rBVjFiIS8+KwQM3kK6FDY
+# g2oMoKZg5KuPbvZXLoEkGLHq1mtdaEso9JrvaGWUSpsTCBLEVkhRcn4BVgEVcAR0
+# fCJN6OGWW12/qI7eYADaMdSOTRS8TpALvJhOP3DzCnXORyWWwgHOcWgVnZmKdRbr
+# OEcN/odJwgTKtPdGHUuTqPY6dZPc4l+dMmUR0nbJm3zuuGGl3dOwLGygnOKjHmMC
+# 2Q3T+GlTz+Fl1lLcwCsLA73T1KMI9SUV0SJwbAyxnQoLq+x8pJ+wBqtbONZeufb0
+# GPScbyiXOoxfpvVoZ0SO0CYcvop+a9oyf7tbrPVyewH1KWbQjZf2VKzelin/+RO1
+# dT9QEKeN9Kam+yf6V6tbjQ/UaXJU+q6IPzODeYwE/c0DQx+07Z23lZOKMBP9DnWU
+# MITrgiuKwyi9oIMMu9oxIgGvCTTWgyFMpdAR85RHK3F0LN2TimwJP9jWuJQO5Jul
+# pWgwo1khh116AxE0mDg+LClkADnDMXfW9GD/sPlMrHEaeeykPevJbbN5g0weM4rN
+# XvvrLRVlJQWKtsN2FOSZQSTZzJUWnUKUoJOSdIPrwZQx4twyjh8GqHLX6FnEAkqz
+# KKei+TAe+V6YliWlCrIVx4On9yqsAFdkk1A=
+# SIG # End signature block
diff --git a/Public/extensions.json b/Public/extensions.json
new file mode 100644
index 0000000..07b3a6a
--- /dev/null
+++ b/Public/extensions.json
@@ -0,0 +1,394 @@
+{
+ "magic_numbers": [
+ {
+ "magic": ["D0CF11E0A1B11AE1"],
+ "extensions": ["doc", "xls", "msi", "ppt", "vsd", "db", "msg","xla","apr","dot","suo"]
+ },
+ {
+ "magic": ["504B03040A000200"],
+ "extensions": ["epub"]
+ },
+ {
+ "magic": ["504B0304140000", "504B0304"],
+ "extensions": ["docx","xlsx","pptx","odp","ods","jar","odt","zip","ott","vsdx","xps","kmz","kwd","oxps","sxc","sxd","sxi","sxw","xpi","msix"]
+ },
+ {
+ "magic": ["4D5A","4D5A90000300000004000000FFFF0000"],
+ "offset": [[3, "00"], [21, "0000004000"]],
+ "extensions": ["exe","bin","dll","IDX_DLL","sys","tlb","ocx","olb","odf","rll"]
+ },
+ {
+ "magic": ["4D53465402000100"],
+ "extensions": ["tlb"]
+ },
+ {
+ "magic": ["526172211A0700","526172211A070100","526172211A"],
+ "extensions": ["rar"]
+ },
+ {
+ "magic": ["377ABCAF271C","377ABCAF271C0004"],
+ "extensions": ["zip", "7z"]
+ },
+ {
+ "magic": ["89504E470D0A1A0A"],
+ "extensions": ["png"]
+ },
+ {
+ "magic": ["25504446"],
+ "extensions": ["pdf"]
+ },
+ {
+ "magic": ["FFD8"],
+ "extensions": ["jpg", "jpeg"]
+ },
+ {
+ "magic": ["474946"],
+ "extensions": ["gif"]
+ },
+ {
+ "magic": ["49492A"],
+ "extensions": ["tif"]
+ },
+ {
+ "magic": ["00000100"],
+ "extensions": ["ico"]
+ },
+ {
+ "magic": ["CAFEBABE"],
+ "extensions": ["class"]
+ },
+ {
+ "magic": ["49536328", "4D53434600000000"],
+ "extensions": ["msu", "cab"]
+ },
+ {
+ "magic": ["424D"],
+ "offset": [[14, "7C00"], [14, "28000000"]],
+ "extensions": ["bmp"]
+ },
+ {
+ "magic": ["3082"],
+ "offset": [4, "0609"],
+ "extensions": ["p7b", "p7c", "p7s"]
+ },
+ {
+ "magic": ["3082", "2D2D2D2D2D424547"],
+ "extensions": ["cer", "pfx", "der", "pem", "p7b"]
+ },
+ {
+ "magic": ["4F54544F00"],
+ "extensions": ["otf"]
+ },
+ {
+ "magic": ["52494646"],
+ "offset": [[8, "57454250"], [8, "57454250"], [8, "57415645"]],
+ "extensions": ["webp","avi","wav"]
+ },
+ {
+ "magic": ["7573746172"],
+ "extensions": ["tar"]
+ },
+ {
+ "magic": ["0000000C6A5020200D0A4"],
+ "extensions": ["jp2"]
+ },
+ {
+ "magic": ["03D9A29A"],
+ "offset": [[5, "FB4BB5"]],
+ "extensions": ["kdb", "kdbx"]
+ },
+ {
+ "magic": ["7B5C72746631"],
+ "extensions": ["rtf"]
+ },
+ {
+ "magic": ["000001BA", "000001B3"],
+ "extensions": ["mpg", "mpeg"]
+ },
+ {
+ "magic": ["00000020667479706D703432"],
+ "extensions": ["mp4"]
+ },
+ {
+ "magic": ["4F676753"],
+ "extensions": ["ogg"]
+ },
+ {
+ "magic": ["664C6143"],
+ "extensions": ["flac"]
+ },
+ {
+ "magic": ["1A45DFA3"],
+ "extensions": ["mkv", "webm"]
+ },
+ {
+ "magic": ["4B444D56"],
+ "extensions": ["vmdk"]
+ },
+ {
+ "magic": ["2142444E42"],
+ "extensions": ["pst"]
+ },
+ {
+ "magic": ["5374616E64617264204A6574"],
+ "extensions": ["mdb"]
+ },
+ {
+ "magic": ["252150532D41646F62652D332E3020455053462D"],
+ "extensions": ["eps"]
+ },
+ {
+ "magic": ["4D6963726F736F66742056697375616C20537475"],
+ "extensions": ["sln"]
+ },
+ {
+ "magic": ["00001A00051004"],
+ "extensions": ["123"]
+ },
+ {
+ "magic": ["0001000000"],
+ "extensions": ["ttf"]
+ },
+ {
+ "magic": ["1F8B08"],
+ "extensions": ["tgz", "gz"]
+ },
+ {
+ "magic": ["28546869732066696C65206D757374"],
+ "extensions": ["hqx"]
+ },
+ {
+ "magic": ["060E2B34020501010D0102010102", "3C435472616E7354696D656C696E653E"],
+ "extensions": ["mxf"]
+ },
+ {
+ "magic": ["4F67675300020000000000000000"],
+ "extensions": ["oga", "ogv", "ogx"]
+ },
+ {
+ "magic": ["64000000"],
+ "extensions": ["p10"]
+ },
+ {
+ "magic": ["25504446"],
+ "extensions": ["ai", "fdf", "pdf"]
+ },
+ {
+ "magic": ["2F2F203C212D2D203C6D64623A6D6F726B3A7A"],
+ "extensions": ["msf"]
+ },
+ {
+ "magic": ["3C4D616B657246696C6520"],
+ "extensions": ["fm"]
+ },
+ {
+ "magic": ["0020AF30", "6D7346696C7465724C697374"],
+ "extensions": ["tpl"]
+ },
+ {
+ "magic": ["00001A000210040000000000"],
+ "extensions": ["wk4"]
+ },
+ {
+ "magic": ["00001A000010040000000000"],
+ "extensions": ["wk3"]
+ },
+ {
+ "magic": ["0000020006040600080000000000"],
+ "extensions": ["wk1"]
+ },
+ {
+ "magic": ["1A0000040000", "4E45534D1A01"],
+ "extensions": ["nsf"]
+ },
+ {
+ "magic": ["1A0000", "30314F52444E414E434520535552564559", "4E49544630"],
+ "extensions": ["ntf"]
+ },
+ {
+ "magic": ["414F4C564D313030"],
+ "extensions": ["org"]
+ },
+ {
+ "magic": ["576F726450726F"],
+ "extensions": ["lwp"]
+ },
+ {
+ "magic": ["5B50686F6E655D"],
+ "extensions": ["sam"]
+ },
+ {
+ "magic": ["3C4D616B657246696C6520", "56657273696F6E20"],
+ "extensions": ["mif"]
+ },
+ {
+ "magic": ["3026B2758E66CF11A6D900AA0062CE6C"],
+ "extensions": ["asf", "wma", "wmv"]
+ },
+ {
+ "magic": ["49545346"],
+ "extensions": ["chm"]
+ },
+ {
+ "magic": ["0E574B53", "FF000200040405540200"],
+ "extensions": ["wks"]
+ },
+ {
+ "magic": ["00004D4D585052"],
+ "extensions": ["qxd"]
+ },
+ {
+ "magic": ["4D4D4D440000"],
+ "extensions": ["mmf"]
+ },
+ {
+ "magic": ["52545353", "58435000"],
+ "extensions": ["cap"]
+ },
+ {
+ "magic": ["4D444D5093A7", "5041474544553634", "5041474544554D50"],
+ "extensions": ["dmp"]
+ },
+ {
+ "magic": ["FF575043"],
+ "extensions": ["wpd"]
+ },
+ {
+ "magic": ["78617221"],
+ "extensions": ["xar"]
+ },
+ {
+ "magic": ["5350464900"],
+ "extensions": ["spf"]
+ },
+ {
+ "magic": ["0764743264647464"],
+ "extensions": ["dtd"]
+ },
+ {
+ "magic": ["2321414D52"],
+ "extensions": ["amr"]
+ },
+ {
+ "magic": ["2E736E64", "646E732E"],
+ "extensions": ["au"]
+ },
+ {
+ "magic": ["00000020667479704D344120"],
+ "extensions": ["m4a"]
+ },
+ {
+ "magic": ["49443303000000", "494433"],
+ "extensions": ["koz", "mp3"]
+ },
+ {
+ "magic": ["53494D504C4520203D202020202020202"],
+ "offset": [[17, "020202020202020202020202054"]],
+ "extensions": ["fits"]
+ },
+ {
+ "magic": ["492049", "49492A00", "4D4D002A", "4D4D002B"],
+ "extensions": ["tiff"]
+ },
+ {
+ "magic": ["38425053"],
+ "extensions": ["psd"]
+ },
+ {
+ "magic": ["41433130"],
+ "extensions": ["dwg"]
+ },
+ {
+ "magic": ["233F52414449414E43450A", "49536328"],
+ "extensions": ["hdr"]
+ },
+ {
+ "magic": ["010009000003", "D7CDC69A"],
+ "extensions": ["wmf"]
+ },
+ {
+ "magic": ["46726F6D3A20", "52657475726E2D506174683A20", "582D"],
+ "extensions": ["eml"]
+ },
+ {
+ "magic": ["424547494E3A56434152440D0A"],
+ "extensions": ["vcf"]
+ },
+ {
+ "magic": ["444D5321"],
+ "extensions": ["dms"]
+ },
+ {
+ "magic": ["0000001466747970336770", "0000002066747970336770"],
+ "extensions": ["3g2", "3gp"]
+ },
+ {
+ "magic": ["00000018667479706D703432", "00000020667479704D345620"],
+ "extensions": ["m4v"]
+ },
+ {
+ "magic": ["000000146674797071742020"],
+ "extensions": ["mov"]
+ },
+ {
+ "magic": ["4350543746494C45", "43505446494C45"],
+ "extensions": ["cpt"]
+ },
+ {
+ "magic": ["454E5452595643440200000102001858"],
+ "extensions": ["vcd"]
+ },
+ {
+ "magic": ["6375736800000002000000"],
+ "extensions": ["csh"]
+ },
+ {
+ "magic": ["EDABEEDB"],
+ "extensions": ["rpm"]
+ },
+ {
+ "magic": ["435753", "465753", "5A5753"],
+ "extensions": ["swf"]
+ },
+ {
+ "magic": ["5349542100", "5374756666497420286329313939372D"],
+ "extensions": ["sit"]
+ },
+ {
+ "magic": ["FD377A585A00"],
+ "extensions": ["xz"]
+ },
+ {
+ "magic": ["4D546864"],
+ "extensions": ["mid", "midi"]
+ },
+ {
+ "magic": ["464F524D00"],
+ "extensions": ["aiff"]
+ },
+ {
+ "magic": ["727473703A2F2F"],
+ "extensions": ["ram"]
+ },
+ {
+ "magic": ["2E524D46"],
+ "extensions": ["rm"]
+ },
+ {
+ "magic": ["2E524D460000001200", "2E7261FD00"],
+ "extensions": ["ra"]
+ },
+ {
+ "magic": ["50350A"],
+ "extensions": ["pgm"]
+ },
+ {
+ "magic": ["53514C69746520666F726D61742033"],
+ "extensions": ["sqlite"]
+ },
+ {
+ "magic": ["01DA01010003"],
+ "extensions": ["rgb"]
+ }
+ ]
+}
diff --git a/Public/file_extensions.xml b/Public/file_extensions.xml
new file mode 100644
index 0000000..d36d06c
--- /dev/null
+++ b/Public/file_extensions.xml
@@ -0,0 +1,93 @@
+
+
+*.bat*
+*.bmp*
+*.cab*
+*.class*
+*.csproj*
+*.config*
+*.csv*
+*.cer*
+*.db*
+*.der*
+*.doc*
+*.docx*
+*.dll*
+*.exe*
+*.gif*
+*.gz*
+*.html*
+*.kdb*
+*.kdbx*
+*.ico*
+*.ini*
+*.jar*
+*.jpg*
+*.jpeg*
+*.jp2*
+*.msi*
+*.msu*
+*.mp3*
+*.odp*
+*.ods*
+*.odt*
+*.otf*
+*.ott*
+*.p7b*
+*.p7c*
+*.pdf*
+*.pfx*
+*.png*
+*.pol*
+*.pptx*
+*.ppt*
+*.py*
+*.ps1*
+*.psm1*
+*.rar*
+*.rdp*
+*.reg*
+*.rtf*
+*.tar*
+*.tif*
+*.txt*
+*.vbs*
+*.xls*
+*.xlsx*
+*.xml*
+*.vbs*
+*.vbsx*
+*.webp*
+*.zip*
+*.7z*
+
+
+\baccesskey\b
+\bauth\b
+\bcredential\b
+\bcred\b
+\bidentifiant\b
+\bmdp\b
+\bmdpass\b
+\bmotdepasse\b
+\bprivate-key\b
+\bpwd\b
+\bsecret\b
+\bssh-key\b
+\btoken\b
+\blogin\b
+\bapikey\b
+password
+net use .+ /user:.*
+net user( /add)? \S+ \S+( /add)?
+securestring
+\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b
+\b[a-fA-F0-9]{32}\b
+\b[a-fA-F0-9]{40}\b
+\b[a-fA-F0-9]{64}\b
+
+
+
+
+
+