diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 00000000..13fdfa73
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: [ION28]
diff --git a/.github/workflows/cloud-web.yml b/.github/workflows/cloud-web.yml
deleted file mode 100644
index 61a5806a..00000000
--- a/.github/workflows/cloud-web.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-name: Deploy Project Website to bluespawn.cloud
-on:
-  push:
-    branches:
-    - master
-    - develop
-  pull_request:
-    branches:
-    - master
-    - develop
-
-jobs:
-  build:
-    name: Update Project site
-    runs-on: ubuntu-latest
-    steps:
-    - name: SSH into server and update
-      uses: appleboy/ssh-action@master
-      with:
-        host: bluespawn.cloud
-        username: ubuntu
-        key: ${{ secrets.PRIVATE_KEY }}
-        port: 22
-        script: |
-          cd ~/BLUESPAWN
-          git fetch --all
-          git checkout ${{ github.ref }}
-          git pull origin ${{ github.ref }}
-          source ~/venv/bin/activate
-          cd docs
-          pip install -r requirements.txt
-          python3 manage.py makemigrations
-          python3 manage.py migrate
-          sudo service uwsgi restart
-          sudo /etc/init.d/nginx restart
-      if: github.event_name == 'push'
-
-    - name: SSH into server and update
-      uses: appleboy/ssh-action@master
-      with:
-        host: bluespawn.cloud
-        username: ubuntu
-        key: ${{ secrets.PRIVATE_KEY }}
-        port: 22
-        script: |
-          cd ~/BLUESPAWN
-          git fetch --all
-          git checkout ${{ github.head_ref }}
-          git pull origin ${{ github.head_ref }}
-          source ~/venv/bin/activate
-          cd docs
-          pip install -r requirements.txt
-          python3 manage.py makemigrations
-          python3 manage.py migrate
-          sudo service uwsgi restart
-          sudo /etc/init.d/nginx restart
-      if: github.event_name == 'pull_request'
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 45781c6c..3059119b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -25,12 +25,10 @@ jobs:
     - name: Update submodules
       run: git submodule update --init --recursive
 
-    - name: Restore from cache, and install vcpkg and project dependencies
-      uses: lukka/run-vcpkg@v6
+    - name: Setup vcpkg environment
+      uses: lukka/run-vcpkg@v11
       with:
-        vcpkgArguments: '@../vcpkg_response_file.txt'
-        vcpkgDirectory: 'vcpkg'
-        appendedCacheKey: ${{ hashFiles(env.vcpkgResponseFile) }}
+        vcpkgDirectory: '${{ github.workspace }}/vcpkg'
 
     - name: Integrate vcpkg packages
       shell: powershell
@@ -39,10 +37,12 @@ jobs:
         .\vcpkg.exe integrate install
         cd ..
 
+    - name: Setup MSBuild
+      uses: microsoft/setup-msbuild@v2
+
     - name: Build BLUESPAWN-client
-      run: |
-        "%ProgramFiles(x86)%\Microsoft Visual Studio\2019\Enterprise\MSBuild\Current\Bin\MSBuild.exe" BLUESPAWN.sln /p:Configuration=${{ matrix.buildtype }} /p:Platform=${{ matrix.buildarch }}
       shell: cmd
+      run: msbuild BLUESPAWN.sln /p:Configuration=${{ matrix.buildtype }} /p:Platform=${{ matrix.buildarch }} /p:VcpkgEnableManifest=true /p:VcpkgManifestDir=${{ github.workspace }}
 
     - name: Set PowerShell Execution Policy
       run: powershell set-executionpolicy Unrestricted
diff --git a/BLUESPAWN-win-client/BLUESPAWN-client.vcxproj b/BLUESPAWN-win-client/BLUESPAWN-client.vcxproj
index 9d1221f0..fe2be8ed 100644
--- a/BLUESPAWN-win-client/BLUESPAWN-client.vcxproj
+++ b/BLUESPAWN-win-client/BLUESPAWN-client.vcxproj
@@ -287,7 +287,7 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="PropertySheets">
diff --git a/BLUESPAWN-win-client/headers/hunt/hunts/HuntT1484.h b/BLUESPAWN-win-client/headers/hunt/hunts/HuntT1484.h
index cd6cae3f..861737e4 100644
--- a/BLUESPAWN-win-client/headers/hunt/hunts/HuntT1484.h
+++ b/BLUESPAWN-win-client/headers/hunt/hunts/HuntT1484.h
@@ -12,6 +12,8 @@ namespace Hunts {
 	public:
 		HuntT1484();
 
+		void Subtechnique001(IN CONST Scope& scope, OUT std::vector<std::shared_ptr<Detection>>& detections);
+
 		virtual std::vector<std::shared_ptr<Detection>> RunHunt(const Scope& scope) override;
 		virtual std::vector<std::pair<std::unique_ptr<Event>, Scope>> GetMonitoringEvents() override;
 	};
diff --git a/BLUESPAWN-win-client/headers/monitor/EventListener.h b/BLUESPAWN-win-client/headers/monitor/EventListener.h
index 54681d04..544f46fd 100644
--- a/BLUESPAWN-win-client/headers/monitor/EventListener.h
+++ b/BLUESPAWN-win-client/headers/monitor/EventListener.h
@@ -5,6 +5,7 @@
 #include <vector>
 #include <map>
 #include <thread>
+#include <algorithm>
 
 #include "util/wrappers.hpp"
 
diff --git a/BLUESPAWN-win-client/libpeconv.vcxproj b/BLUESPAWN-win-client/libpeconv.vcxproj
index 1d9056fe..8ff738c7 100644
--- a/BLUESPAWN-win-client/libpeconv.vcxproj
+++ b/BLUESPAWN-win-client/libpeconv.vcxproj
@@ -53,7 +53,7 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v142</PlatformToolset>
+    <PlatformToolset>v143</PlatformToolset>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="PropertySheets">
diff --git a/BLUESPAWN-win-client/pe-sieve.vcxproj b/BLUESPAWN-win-client/pe-sieve.vcxproj
index 8ed4e0ee..dea65abf 100644
--- a/BLUESPAWN-win-client/pe-sieve.vcxproj
+++ b/BLUESPAWN-win-client/pe-sieve.vcxproj
@@ -1,142 +1,142 @@
-﻿<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="16.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{BEC01F8E-5892-3F6F-A741-5BBD1D0F4EF9}</ProjectGuid>
-    <ProjectName>pe-sieve</ProjectName>
-  </PropertyGroup>
-  <ItemDefinitionGroup>
-    <BuildLog>
-      <Path>$(SolutionDir)build\$(PlatformTarget)\$(Configuration)\$(MSBuildProjectName).log</Path>
-    </BuildLog>
-    <ClCompile>
-      <AdditionalIncludeDirectories>$(SolutionDir)BLUESPAWN-win-client\external\pe-sieve\include;$(SolutionDir)BLUESPAWN-win-client\external\pe-sieve\libpeconv\libpeconv\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <UndefinePreprocessorDefinitions>UNICODE</UndefinePreprocessorDefinitions>
-    </ClCompile>
-    <Link>
-      <AdditionalDependencies>Secur32.lib;DbgHelp.lib;Wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
-    </Link>
-  </ItemDefinitionGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Label="Configuration">
-    <ConfigurationType>StaticLibrary</ConfigurationType>
-    <PlatformToolset>v142</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration">
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-    <Import Project="$(SolutionDir)config\buildsettings.props" />
-    <Import Project="$(SolutionDir)config\buildstructure.props" />
-  </ImportGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ItemGroup>
-    <ClCompile Include="external\pe-sieve\postprocessors\dump_report.cpp" />
-    <ClCompile Include="external\pe-sieve\postprocessors\imp_rec\iat_block.cpp" />
-    <ClCompile Include="external\pe-sieve\postprocessors\imp_rec\iat_finder.cpp" />
-    <ClCompile Include="external\pe-sieve\postprocessors\imp_rec\import_table_finder.cpp" />
-    <ClCompile Include="external\pe-sieve\postprocessors\imp_rec\imp_reconstructor.cpp" />
-    <ClCompile Include="external\pe-sieve\postprocessors\pe_buffer.cpp" />
-    <ClCompile Include="external\pe-sieve\postprocessors\pe_reconstructor.cpp" />
-    <ClCompile Include="external\pe-sieve\postprocessors\report_formatter.cpp" />
-    <ClCompile Include="external\pe-sieve\postprocessors\results_dumper.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\artefact_scanner.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\code_scanner.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\headers_scanner.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\hook_targets_resolver.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\iat_scanner.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\mapping_scanner.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\mempage_data.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\module_data.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\patch_analyzer.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\patch_list.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\scanned_modules.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\scanner.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\scan_report.cpp" />
-    <ClCompile Include="external\pe-sieve\scanners\workingset_scanner.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\artefacts_util.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\console_color.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\debug.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\format_util.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\modules_enum.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\path_converter.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\path_util.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\process_minidump.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\process_privilege.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\process_reflection.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\process_util.cpp" />
-    <ClCompile Include="external\pe-sieve\utils\workingset_enum.cpp" />
-    <ClInclude Include="external\pe-sieve\pe_sieve.h" />
-    <ClInclude Include="external\pe-sieve\include\pe_sieve_types.h" />
-    <ClInclude Include="external\pe-sieve\params_info\pe_sieve_params_info.h" />
-    <ClInclude Include="external\pe-sieve\postprocessors\dump_report.h" />
-    <ClInclude Include="external\pe-sieve\postprocessors\imp_rec\iat_block.h" />
-    <ClInclude Include="external\pe-sieve\postprocessors\imp_rec\iat_finder.h" />
-    <ClInclude Include="external\pe-sieve\postprocessors\imp_rec\import_table_finder.h" />
-    <ClInclude Include="external\pe-sieve\postprocessors\imp_rec\imp_reconstructor.h" />
-    <ClInclude Include="external\pe-sieve\postprocessors\pe_buffer.h" />
-    <ClInclude Include="external\pe-sieve\postprocessors\pe_reconstructor.h" />
-    <ClInclude Include="external\pe-sieve\postprocessors\report_formatter.h" />
-    <ClInclude Include="external\pe-sieve\postprocessors\results_dumper.h" />
-    <ClInclude Include="external\pe-sieve\scanners\artefact_scanner.h" />
-    <ClInclude Include="external\pe-sieve\scanners\code_scanner.h" />
-    <ClInclude Include="external\pe-sieve\scanners\headers_scanner.h" />
-    <ClInclude Include="external\pe-sieve\scanners\hook_targets_resolver.h" />
-    <ClInclude Include="external\pe-sieve\scanners\iat_scanner.h" />
-    <ClInclude Include="external\pe-sieve\scanners\mapping_scanner.h" />
-    <ClInclude Include="external\pe-sieve\scanners\mempage_data.h" />
-    <ClInclude Include="external\pe-sieve\scanners\module_data.h" />
-    <ClInclude Include="external\pe-sieve\scanners\module_scanner.h" />
-    <ClInclude Include="external\pe-sieve\scanners\module_scan_report.h" />
-    <ClInclude Include="external\pe-sieve\scanners\patch_analyzer.h" />
-    <ClInclude Include="external\pe-sieve\scanners\patch_list.h" />
-    <ClInclude Include="external\pe-sieve\scanners\pe_section.h" />
-    <ClInclude Include="external\pe-sieve\scanners\scanned_modules.h" />
-    <ClInclude Include="external\pe-sieve\scanners\scanner.h" />
-    <ClInclude Include="external\pe-sieve\scanners\scan_report.h" />
-    <ClInclude Include="external\pe-sieve\scanners\workingset_scanner.h" />
-    <ClInclude Include="external\pe-sieve\include\pe_sieve_api.h" />
-    <ClCompile Include="external\pe-sieve\pe_sieve.cpp" />
-    <ClInclude Include="external\pe-sieve\color_scheme.h" />
-    <ClCompile Include="external\pe-sieve\params_info\pe_sieve_params_info.cpp" />
-    <ClCompile Include="external\pe-sieve\dll_main.cpp" />
-    <ClInclude Include="external\pe-sieve\utils\artefacts_util.h" />
-    <ClInclude Include="external\pe-sieve\utils\console_color.h" />
-    <ClInclude Include="external\pe-sieve\utils\format_util.h" />
-    <ClInclude Include="external\pe-sieve\utils\modules_enum.h" />
-    <ClInclude Include="external\pe-sieve\utils\ntddk.h" />
-    <ClInclude Include="external\pe-sieve\utils\path_converter.h" />
-    <ClInclude Include="external\pe-sieve\utils\path_util.h" />
-    <ClInclude Include="external\pe-sieve\utils\process_minidump.h" />
-    <ClInclude Include="external\pe-sieve\utils\process_privilege.h" />
-    <ClInclude Include="external\pe-sieve\utils\process_reflection.h" />
-    <ClInclude Include="external\pe-sieve\utils\process_util.h" />
-    <ClInclude Include="external\pe-sieve\utils\workingset_enum.h" />
-    <None Include="external\pe-sieve\main.def" />
-  </ItemGroup>
-  <ItemGroup>
-    <ProjectReference Include="$(SolutionDir)BLUESPAWN-win-client\libpeconv.vcxproj">
-      <Project>{C9D09618-1DE6-3323-AED8-9B885AC8D9F3}</Project>
-      <Name>libpeconv</Name>
-    </ProjectReference>
-  </ItemGroup>
+﻿<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="16.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{BEC01F8E-5892-3F6F-A741-5BBD1D0F4EF9}</ProjectGuid>
+    <ProjectName>pe-sieve</ProjectName>
+  </PropertyGroup>
+  <ItemDefinitionGroup>
+    <BuildLog>
+      <Path>$(SolutionDir)build\$(PlatformTarget)\$(Configuration)\$(MSBuildProjectName).log</Path>
+    </BuildLog>
+    <ClCompile>
+      <AdditionalIncludeDirectories>$(SolutionDir)BLUESPAWN-win-client\external\pe-sieve\include;$(SolutionDir)BLUESPAWN-win-client\external\pe-sieve\libpeconv\libpeconv\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <UndefinePreprocessorDefinitions>UNICODE</UndefinePreprocessorDefinitions>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>Secur32.lib;DbgHelp.lib;Wintrust.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Label="Configuration">
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="$(SolutionDir)config\buildsettings.props" />
+    <Import Project="$(SolutionDir)config\buildstructure.props" />
+  </ImportGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ItemGroup>
+    <ClCompile Include="external\pe-sieve\postprocessors\dump_report.cpp" />
+    <ClCompile Include="external\pe-sieve\postprocessors\imp_rec\iat_block.cpp" />
+    <ClCompile Include="external\pe-sieve\postprocessors\imp_rec\iat_finder.cpp" />
+    <ClCompile Include="external\pe-sieve\postprocessors\imp_rec\import_table_finder.cpp" />
+    <ClCompile Include="external\pe-sieve\postprocessors\imp_rec\imp_reconstructor.cpp" />
+    <ClCompile Include="external\pe-sieve\postprocessors\pe_buffer.cpp" />
+    <ClCompile Include="external\pe-sieve\postprocessors\pe_reconstructor.cpp" />
+    <ClCompile Include="external\pe-sieve\postprocessors\report_formatter.cpp" />
+    <ClCompile Include="external\pe-sieve\postprocessors\results_dumper.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\artefact_scanner.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\code_scanner.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\headers_scanner.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\hook_targets_resolver.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\iat_scanner.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\mapping_scanner.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\mempage_data.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\module_data.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\patch_analyzer.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\patch_list.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\scanned_modules.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\scanner.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\scan_report.cpp" />
+    <ClCompile Include="external\pe-sieve\scanners\workingset_scanner.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\artefacts_util.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\console_color.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\debug.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\format_util.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\modules_enum.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\path_converter.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\path_util.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\process_minidump.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\process_privilege.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\process_reflection.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\process_util.cpp" />
+    <ClCompile Include="external\pe-sieve\utils\workingset_enum.cpp" />
+    <ClInclude Include="external\pe-sieve\pe_sieve.h" />
+    <ClInclude Include="external\pe-sieve\include\pe_sieve_types.h" />
+    <ClInclude Include="external\pe-sieve\params_info\pe_sieve_params_info.h" />
+    <ClInclude Include="external\pe-sieve\postprocessors\dump_report.h" />
+    <ClInclude Include="external\pe-sieve\postprocessors\imp_rec\iat_block.h" />
+    <ClInclude Include="external\pe-sieve\postprocessors\imp_rec\iat_finder.h" />
+    <ClInclude Include="external\pe-sieve\postprocessors\imp_rec\import_table_finder.h" />
+    <ClInclude Include="external\pe-sieve\postprocessors\imp_rec\imp_reconstructor.h" />
+    <ClInclude Include="external\pe-sieve\postprocessors\pe_buffer.h" />
+    <ClInclude Include="external\pe-sieve\postprocessors\pe_reconstructor.h" />
+    <ClInclude Include="external\pe-sieve\postprocessors\report_formatter.h" />
+    <ClInclude Include="external\pe-sieve\postprocessors\results_dumper.h" />
+    <ClInclude Include="external\pe-sieve\scanners\artefact_scanner.h" />
+    <ClInclude Include="external\pe-sieve\scanners\code_scanner.h" />
+    <ClInclude Include="external\pe-sieve\scanners\headers_scanner.h" />
+    <ClInclude Include="external\pe-sieve\scanners\hook_targets_resolver.h" />
+    <ClInclude Include="external\pe-sieve\scanners\iat_scanner.h" />
+    <ClInclude Include="external\pe-sieve\scanners\mapping_scanner.h" />
+    <ClInclude Include="external\pe-sieve\scanners\mempage_data.h" />
+    <ClInclude Include="external\pe-sieve\scanners\module_data.h" />
+    <ClInclude Include="external\pe-sieve\scanners\module_scanner.h" />
+    <ClInclude Include="external\pe-sieve\scanners\module_scan_report.h" />
+    <ClInclude Include="external\pe-sieve\scanners\patch_analyzer.h" />
+    <ClInclude Include="external\pe-sieve\scanners\patch_list.h" />
+    <ClInclude Include="external\pe-sieve\scanners\pe_section.h" />
+    <ClInclude Include="external\pe-sieve\scanners\scanned_modules.h" />
+    <ClInclude Include="external\pe-sieve\scanners\scanner.h" />
+    <ClInclude Include="external\pe-sieve\scanners\scan_report.h" />
+    <ClInclude Include="external\pe-sieve\scanners\workingset_scanner.h" />
+    <ClInclude Include="external\pe-sieve\include\pe_sieve_api.h" />
+    <ClCompile Include="external\pe-sieve\pe_sieve.cpp" />
+    <ClInclude Include="external\pe-sieve\color_scheme.h" />
+    <ClCompile Include="external\pe-sieve\params_info\pe_sieve_params_info.cpp" />
+    <ClCompile Include="external\pe-sieve\dll_main.cpp" />
+    <ClInclude Include="external\pe-sieve\utils\artefacts_util.h" />
+    <ClInclude Include="external\pe-sieve\utils\console_color.h" />
+    <ClInclude Include="external\pe-sieve\utils\format_util.h" />
+    <ClInclude Include="external\pe-sieve\utils\modules_enum.h" />
+    <ClInclude Include="external\pe-sieve\utils\ntddk.h" />
+    <ClInclude Include="external\pe-sieve\utils\path_converter.h" />
+    <ClInclude Include="external\pe-sieve\utils\path_util.h" />
+    <ClInclude Include="external\pe-sieve\utils\process_minidump.h" />
+    <ClInclude Include="external\pe-sieve\utils\process_privilege.h" />
+    <ClInclude Include="external\pe-sieve\utils\process_reflection.h" />
+    <ClInclude Include="external\pe-sieve\utils\process_util.h" />
+    <ClInclude Include="external\pe-sieve\utils\workingset_enum.h" />
+    <None Include="external\pe-sieve\main.def" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="$(SolutionDir)BLUESPAWN-win-client\libpeconv.vcxproj">
+      <Project>{C9D09618-1DE6-3323-AED8-9B885AC8D9F3}</Project>
+      <Name>libpeconv</Name>
+    </ProjectReference>
+  </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/BLUESPAWN-win-client/src/hunt/hunts/HuntT1036.cpp b/BLUESPAWN-win-client/src/hunt/hunts/HuntT1036.cpp
index e40852e4..7c54c51d 100644
--- a/BLUESPAWN-win-client/src/hunt/hunts/HuntT1036.cpp
+++ b/BLUESPAWN-win-client/src/hunt/hunts/HuntT1036.cpp
@@ -17,7 +17,7 @@ namespace Hunts {
     }
 
     void HuntT1036::Subtechnique005(IN CONST Scope& scope, OUT std::vector<std::shared_ptr<Detection>>& detections) {
-        SUBTECHNIQUE_INIT(005, Match Legitimate Name or Location);
+        SUBTECHNIQUE_INIT(005, Match Legitimate Resource Name or Location);
 
         SUBSECTION_INIT(SEARCH_WRITABLE, Intensive);
         for(auto folder : writableFolders) {
diff --git a/BLUESPAWN-win-client/src/hunt/hunts/HuntT1070.cpp b/BLUESPAWN-win-client/src/hunt/hunts/HuntT1070.cpp
index d846ddb8..cf453ee9 100644
--- a/BLUESPAWN-win-client/src/hunt/hunts/HuntT1070.cpp
+++ b/BLUESPAWN-win-client/src/hunt/hunts/HuntT1070.cpp
@@ -12,7 +12,7 @@
 
 namespace Hunts {
 
-    HuntT1070::HuntT1070() : Hunt(L"T1070 - Indicator Removal on Host") {
+    HuntT1070::HuntT1070() : Hunt(L"T1070 - Indicator Removal") {
         dwCategoriesAffected = (DWORD) Category::Files | (DWORD) Category::Processes;
         dwSourcesInvolved = (DWORD) DataSource::EventLogs;
         dwTacticsUsed = (DWORD) Tactic::DefenseEvasion;
diff --git a/BLUESPAWN-win-client/src/hunt/hunts/HuntT1484.cpp b/BLUESPAWN-win-client/src/hunt/hunts/HuntT1484.cpp
index cfea9483..f74c7c41 100644
--- a/BLUESPAWN-win-client/src/hunt/hunts/HuntT1484.cpp
+++ b/BLUESPAWN-win-client/src/hunt/hunts/HuntT1484.cpp
@@ -9,15 +9,15 @@
 
 namespace Hunts {
 
-    HuntT1484::HuntT1484() : Hunt(L"T1484 - Group Policy Modification") {
+    HuntT1484::HuntT1484() : Hunt(L"T1484 - Domain or Tenant Policy Modification") {
         dwCategoriesAffected = (DWORD) Category::Files;
         dwSourcesInvolved = (DWORD) DataSource::FileSystem | (DWORD) DataSource::GPO;
         dwTacticsUsed = (DWORD) Tactic::DefenseEvasion;
     }
 
-    std::vector<std::shared_ptr<Detection>> HuntT1484::RunHunt(const Scope& scope) {
-        HUNT_INIT();
-
+    void HuntT1484::Subtechnique001(IN CONST Scope& scope, OUT std::vector<std::shared_ptr<Detection>>& detections) {
+        SUBTECHNIQUE_INIT(001, Group Policy Modification);
+        
         SUBSECTION_INIT(NTUSER_MAN, Normal)
         auto userFolders = FileSystem::Folder(L"C:\\Users").GetSubdirectories(1);
         for(auto userFolder : userFolders) {
@@ -28,6 +28,14 @@ namespace Hunts {
         }
         SUBSECTION_END();
 
+        SUBTECHNIQUE_END();
+    }
+
+    std::vector<std::shared_ptr<Detection>> HuntT1484::RunHunt(const Scope& scope) {
+        HUNT_INIT();
+
+        Subtechnique001(scope, detections);
+
         HUNT_END();
     }
 
diff --git a/BLUESPAWN-win-client/src/hunt/hunts/HuntT1569.cpp b/BLUESPAWN-win-client/src/hunt/hunts/HuntT1569.cpp
index 1dca6a76..e455dbab 100644
--- a/BLUESPAWN-win-client/src/hunt/hunts/HuntT1569.cpp
+++ b/BLUESPAWN-win-client/src/hunt/hunts/HuntT1569.cpp
@@ -17,7 +17,7 @@ using namespace Registry;
 #define REGISTRY_SERVICES 0
 
 namespace Hunts {
-    HuntT1569::HuntT1569() : Hunt(L"T1569 - Service Execution") {
+    HuntT1569::HuntT1569() : Hunt(L"T1569 - System Services") {
         dwCategoriesAffected = (DWORD) Category::Configurations | (DWORD) Category::Files | (DWORD) Category::Processes;
         dwSourcesInvolved = (DWORD) DataSource::Registry | (DWORD) DataSource::FileSystem;
         dwTacticsUsed = (DWORD) Tactic::Execution;
diff --git a/BLUESPAWN-win-client/src/user/BLUESPAWN.cpp b/BLUESPAWN-win-client/src/user/BLUESPAWN.cpp
index 91e43bec..f9d77de1 100644
--- a/BLUESPAWN-win-client/src/user/BLUESPAWN.cpp
+++ b/BLUESPAWN-win-client/src/user/BLUESPAWN.cpp
@@ -538,7 +538,7 @@ int main(int argc, char* argv[]) {
         }
 
         bluespawn.Run();
-    } catch(cxxopts::OptionParseException e1) {
+    } catch(const cxxopts::exceptions::exception& e1) {
         Bluespawn::io.InformUser(StringToWidestring(options.help()));
         LOG_ERROR(e1.what());
     }
diff --git a/BLUESPAWN-win-client/src/util/eventlogs/EventLogs.cpp b/BLUESPAWN-win-client/src/util/eventlogs/EventLogs.cpp
index 4bcaceae..549a8109 100644
--- a/BLUESPAWN-win-client/src/util/eventlogs/EventLogs.cpp
+++ b/BLUESPAWN-win-client/src/util/eventlogs/EventLogs.cpp
@@ -224,7 +224,7 @@ namespace EventLogs {
 
         // Open the channel config
         EventWrapper hChannel{ EvtOpenChannelConfig(NULL, channel.c_str(), 0) };
-        if(NULL == hChannel) {
+        if(hChannel == nullptr) {
             LOG_ERROR(L"EventLogs::IsChannelOpen: EvtOpenChannelConfig failed with " + std::to_wstring(GetLastError()) +
                       L" for channel " + channel);
             return false;
@@ -257,10 +257,13 @@ namespace EventLogs {
                 return false;
             }
         }
-        if(pProperty)
+        bool isEnabled = false;
+        if(pProperty) {
+            isEnabled = pProperty->BooleanVal;
             free(pProperty);
+        }
 
-        return pProperty->BooleanVal;
+        return isEnabled;
     }
 
     bool OpenChannel(const std::wstring& channel) {
diff --git a/BLUESPAWN-win-client/yarac.vcxproj b/BLUESPAWN-win-client/yarac.vcxproj
index b6646ea7..6054920e 100644
--- a/BLUESPAWN-win-client/yarac.vcxproj
+++ b/BLUESPAWN-win-client/yarac.vcxproj
@@ -1,184 +1,184 @@
-﻿<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{7C72350B-AA5B-41AD-8957-CE3924A7F11B}</ProjectGuid>
-    <Keyword>Win32Proj</Keyword>
-    <RootNamespace>yarac</RootNamespace>
-    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
-    <VcpkgTriplet Condition="'$(Platform)'=='Win32'">x86-windows-static</VcpkgTriplet>
-    <VcpkgTriplet Condition="'$(Platform)'=='x64'">x64-windows-static</VcpkgTriplet>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>true</UseDebugLibraries>
-    <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>true</UseDebugLibraries>
-    <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>false</UseDebugLibraries>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>false</UseDebugLibraries>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>Unicode</CharacterSet>
-    <PlatformToolset>v142</PlatformToolset>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-    <Import Project="$(SolutionDir)config\buildstructure.props" />
-  </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-    <Import Project="$(SolutionDir)config\buildstructure.props" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-    <Import Project="$(SolutionDir)config\buildstructure.props" />
-  </ImportGroup>
-  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-    <Import Project="$(SolutionDir)config\buildstructure.props" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <LinkIncremental>false</LinkIncremental>
-  </PropertyGroup>
-  <ItemDefinitionGroup>
-    <PreBuildEvent>
-      <Command>del "$(ProjectDir)resources\severe" &amp;&amp; del "$(ProjectDir)resources\severe2" &amp;&amp; del "$(ProjectDir)resources\indicators"</Command>
-    </PreBuildEvent>
-	<PostBuildEvent>
+﻿<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{7C72350B-AA5B-41AD-8957-CE3924A7F11B}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>yarac</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+    <VcpkgTriplet Condition="'$(Platform)'=='Win32'">x86-windows-static</VcpkgTriplet>
+    <VcpkgTriplet Condition="'$(Platform)'=='x64'">x64-windows-static</VcpkgTriplet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="$(SolutionDir)config\buildstructure.props" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="$(SolutionDir)config\buildstructure.props" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="$(SolutionDir)config\buildstructure.props" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="$(SolutionDir)config\buildstructure.props" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup>
+    <PreBuildEvent>
+      <Command>del "$(ProjectDir)resources\severe" &amp;&amp; del "$(ProjectDir)resources\severe2" &amp;&amp; del "$(ProjectDir)resources\indicators"</Command>
+    </PreBuildEvent>
+    <PostBuildEvent>
       <Command>cmd /c "
 "$(SolutionDir)artifacts\$(PlatformTarget)\$(Configuration)\yarac.exe" "$(ProjectDir)resources\severe.yar" "$(ProjectDir)resources\severe" &amp; 
 "$(SolutionDir)artifacts\$(PlatformTarget)\$(Configuration)\yarac.exe" "$(ProjectDir)resources\severe2.yar" "$(ProjectDir)resources\severe2" &amp; 
 "$(SolutionDir)artifacts\$(PlatformTarget)\$(Configuration)\yarac.exe" "$(ProjectDir)resources\indicators.yar" "$(ProjectDir)resources\indicators" &amp; 
 exit 0
-"</Command>
-    </PostBuildEvent>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <PrecompiledHeader>NotUsing</PrecompiledHeader>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>_DEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <WholeProgramOptimization>false</WholeProgramOptimization>
-      <CompileAs>CompileAsCpp</CompileAs>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <AdditionalDependencies>ws2_32.lib;crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <PrecompiledHeader>NotUsing</PrecompiledHeader>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>_DEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsCpp</CompileAs>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <AdditionalDependencies>ws2_32.lib;crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <PrecompiledHeader>NotUsing</PrecompiledHeader>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <CompileAs>CompileAsCpp</CompileAs>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>No</GenerateDebugInformation>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <OptimizeReferences>true</OptimizeReferences>
-      <AdditionalDependencies>ws2_32.lib;crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <PrecompiledHeader>NotUsing</PrecompiledHeader>
-      <Optimization>MaxSpeed</Optimization>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <CompileAs>CompileAsCpp</CompileAs>
-      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
-      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>No</GenerateDebugInformation>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <OptimizeReferences>true</OptimizeReferences>
-      <AdditionalDependencies>ws2_32.lib;crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemGroup>
-    <ClCompile Include="src\yara\args.c" />
-    <ClCompile Include="src\yara\yarac.c" />
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets" />
+"</Command>
+    </PostBuildEvent>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <WholeProgramOptimization>false</WholeProgramOptimization>
+      <CompileAs>CompileAsCpp</CompileAs>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>ws2_32.lib;crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsCpp</CompileAs>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>ws2_32.lib;crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <CompileAs>CompileAsCpp</CompileAs>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>No</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <AdditionalDependencies>ws2_32.lib;crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <CompileAs>CompileAsCpp</CompileAs>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>No</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <AdditionalDependencies>ws2_32.lib;crypt32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <IgnoreAllDefaultLibraries>false</IgnoreAllDefaultLibraries>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="src\yara\args.c" />
+    <ClCompile Include="src\yara\yarac.c" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets" />
 </Project>
\ No newline at end of file
diff --git a/testing/run-atomic-tests.ps1 b/testing/run-atomic-tests.ps1
index 277ee5a7..e5991fc1 100644
--- a/testing/run-atomic-tests.ps1
+++ b/testing/run-atomic-tests.ps1
@@ -22,8 +22,8 @@ Invoke-AtomicTest T1546.007 -ExecutionLogPath 'd:\a\BLUESPAWN\BLUESPAWN\AtomicTe
 Invoke-AtomicTest T1546.008 -ExecutionLogPath 'd:\a\BLUESPAWN\BLUESPAWN\AtomicTestsResults.csv'
 Invoke-AtomicTest T1546.010 -ExecutionLogPath 'd:\a\BLUESPAWN\BLUESPAWN\AtomicTestsResults.csv' -InputArgs $T1546010Args
 Invoke-AtomicTest T1546.011 -ExecutionLogPath 'd:\a\BLUESPAWN\BLUESPAWN\AtomicTestsResults.csv'
-Invoke-AtomicTest T1546.012 -ExecutionLogPath 'd:\a\BLUESPAWN\BLUESPAWN\AtomicTestsResults.csv'
-Invoke-AtomicTest T1546.015 -ExecutionLogPath 'd:\a\BLUESPAWN\BLUESPAWN\AtomicTestsResults.csv'
+#Invoke-AtomicTest T1546.012 -ExecutionLogPath 'd:\a\BLUESPAWN\BLUESPAWN\AtomicTestsResults.csv'
+#Invoke-AtomicTest T1546.015 -ExecutionLogPath 'd:\a\BLUESPAWN\BLUESPAWN\AtomicTestsResults.csv'
 Invoke-AtomicTest T1547.001 -ExecutionLogPath 'd:\a\BLUESPAWN\BLUESPAWN\AtomicTestsResults.csv'
 Invoke-AtomicTest T1547.004 -ExecutionLogPath 'd:\a\BLUESPAWN\BLUESPAWN\AtomicTestsResults.csv'
 Invoke-AtomicTest T1547.005 -ExecutionLogPath 'd:\a\BLUESPAWN\BLUESPAWN\AtomicTestsResults.csv'
diff --git a/vcpkg b/vcpkg
index 0cbc579e..c4de8d6f 160000
--- a/vcpkg
+++ b/vcpkg
@@ -1 +1 @@
-Subproject commit 0cbc579e1ee21fa4ad0974a9ed926f60c6ed1a4a
+Subproject commit c4de8d6f4d5f317eab30ab5d42de4a6bc3a5e290
diff --git a/vcpkg.json b/vcpkg.json
new file mode 100644
index 00000000..f1153205
--- /dev/null
+++ b/vcpkg.json
@@ -0,0 +1,10 @@
+{
+  "name": "bluespawn",
+  "version-string": "1.0.0",
+  "dependencies": [
+    "cxxopts",
+    "yara",
+    "libzip",
+    "nlohmann-json"
+  ]
+}
diff --git a/vcpkg_response_file.txt b/vcpkg_response_file.txt
deleted file mode 100644
index 30bc44c5..00000000
--- a/vcpkg_response_file.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-cxxopts:x64-windows-static
-cxxopts:x86-windows-static
-yara:x64-windows-static
-yara:x86-windows-static
-libzip:x64-windows-static
-libzip:x86-windows-static
-nlohmann-json:x64-windows-static
-nlohmann-json:x86-windows-static
