#Default Named Pipes from Cobalt Strike
postex_
#Account lockout event log 4740 with default windows naming convention or kali linux.
hostname=kali
#Filenames with simple spellings
abc.exe
1.exe
#Post exploit tools that haven't been renamed
plink.exe
Mimikatz.exe
ngrok.exe
socks.exe