microsoft / Microsoft-365-Defender-Hunting-Queries

Sample queries for Advanced hunting in Microsoft 365 Defender

rclone hashes for all version released #412

Closed LoZio closed 3 years ago

LoZio commented 3 years ago

Sorry for not being able to create a PR, but I was looking for rclone in one network (bad guys use it to exfiltrate data) and created a CSV containing all the SHA1 hashes of the released versions from 0.96 to the current 1.56 (from https://downloads.rclone.org/). It holds the hash of the zip file and the hashes of the Windows executables (both x64 and 32-bit). You can use them to hunt for processes or files. Something like:

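// Hunt for rclone process starts by the SHA1 of the official release
// artifacts (zip plus Windows x64/x86 executables, 0.96 through 1.56, as
// contributed in this issue), with name/metadata fallbacks for builds that
// are not in the list. The original list carried every hash twice; this is
// the de-duplicated set (same matches, half the list).
// NOTE: `in` is case-sensitive. DeviceProcessEvents.SHA1 is lower-case hex,
// so keep the entries lower-case (or use `in~` if the list is edited by hand).
let lookback = 1d;
let rcloneexeonlyhashes = dynamic([
"713d4a18177e9091c91a1e885d846e084fd19ebe",
"c7f41e8349d93f581704fc7d46a0a86451b701bf",
"f11acf701130422f0b291e74a29b5c0c82967e22",
"575ed20f418d6c84d74c527c40d098c7c145ba49",
"0774c3fad552dffac99ef4089f9d18838dc391f2",
"9ab49d4dd789eea3f2491406a2cda8ca1eb97999",
"07da4a6aff4596d286f60c44fc0e340179d080ce",
"54e4146c3a72dca28287cfec84dc398d4bf9da66",
"af3a8302fb7fe9cc8345b52ae45e531ad17b5959",
"7114bd9865f2dfc7651d9fe05ef9fbf5df8affa2",
"eec2bcb14105ab778ad7c220a40714283a9b9ff7",
"9b7eea8b59a078ec6c0ee2934cfbd45d535e96eb",
"5bc41e54d81c80ed01ea75c4089678af71c9f964",
"587cdd23bf627ad7d326ce1f6ba88a7234bce51d",
"d4bd849dd9e74b8e6e7300d456ef5b0141dd5b5a",
"e512016cbe67dbd7922cc8f2437c2b94fdf4045b",
"08da698c5c817f1799630c6edc207f049e07b4da",
"e2f09c54f5324b439904b09591fe2084178ab83b",
"8a739e6cde1d0a7b5cf1e54a5fe21a7b73693d00",
"7069d578c390c50e2277d174079532b72e5753d4",
"90f618e7772327c6193cd9df242a3a1c80d70143",
"fc02d5739e7174fa98a47cd4e32ad8b5d86f37d9",
"59d76dda2e878942d01e352eb2a1ba938dd0a894",
"173b81e84b0dd815f15f650859feebc32ca0e001",
"ff17f910f6927a634deaeeb29cb1baeb99d08513",
"f9abe4d61972a816635df8e365bb310a8e61e65a",
"df6363ca6e9ff658b929daa31791642efb320c5f",
"d4a0888b93bca42b3581fc049b0476bbe13d503b",
"1d24fb905b5bcf910e81d354990dd8e76c6baeb0",
"872348ff87d82dbf47133a080b0154746f540909",
"2a9673f9c6698ffdc26dc63881b739aa7048e4f7",
"a87edb3df5e22aad29e32ef8c1c6e01358a6b2c2",
"ccd1d542390ce2daac302142447727462bf780a1",
"bf80ee04ef669df2cb65f8ea87825dacde9b612c",
"47e5264da85973037ea3577651934677f5897927",
"64d5216d9e039238cf7ccb755ab8efbfca2d24de",
"bd38a1311858c6bfbf78247572ebde6dc6a4f601",
"086c9ed833769162b84313c5616141e081fece49",
"adb0112f007874d18bb3389e56bb9593808d9110",
"916313e0a2e351c82dc99f543ff738fa4cd888f9",
"32bb3dac48ef079acd62254d901fe4119ddac440",
"1fd69a06e8a4530d62c53c62eabc957e7575cd72",
"24716ddb72d6fb33287b3da2a4d1b3f18ecb9390",
"97a0b46efb4d86a5241a104f4a64261b7a80dcd5",
"44774ad6aa7ac68b48038555ff7e9a8bef66a2a7",
"5c2513d14f2ff15b15e2494dff4b89ff968a9e82",
"c924530ea27f5a9c15fa8a46fd1b1d10e0681654",
"1f76dd9f672b3290ae91ad8f8f19b6c5779e53c3",
"a9d6536efecfae3925666d858c19a811c4b12a98",
"30350bda781eecee69b8e6e38ff48791e24406ea",
"af56bb89b9b40c7c490e1979af790ac3e03930a6",
"2971fb77060ed53fe093abb4b86341a3e546d6e4",
"60dfcf54f11dd7e20cdb310e52a35326fe6ef7d3",
"493994b0557351bd58535a46e20a88bc5cfa82d7",
"5e12eee87f1a5cbcdbe525fe7da1d435d5c8e0ce",
"df15b2e543d4126aa67e1a64fc136cc3259a10d8",
"5b86a86fb66f271f32f4f41f1e0c57bab793826f",
"695130ce7b634cf6b75491385fadde9137fc145c",
"06de267e53935bac592a801e33ff9c3a5b72f4dd",
"6202d2e8af574cf41ed0eb15f3dd3800a7d19eb3",
"75b7ba658ac0df4136a8c99e45a89e8963ee6cb4",
"b122a17f59fdacd477aa3d62ab970b0d9d409960",
"e04eb69ed8fd2913e4f8a975d67b3f153b94532f",
"6c5f10a16ddc155ca3fce274b15d8fade2dbccd5",
"6dabbbfde6355d2e1dda40daefd512f7a5920a32",
"0e678dc1c66e314f01cfa92a80cb39d3d6d9b2a9",
"32f503544584cec4d138f56ea2128c27444fd66a",
"577dd42cc92de8d3cad62fcee5f5abbe051169ae",
"fa27d6bb10cd51f5f7f4347b44f75e7979d70efa",
"a19af76c5260dc6638fab5a6bf57cf79779032e9",
"17daa702fe03dc6a77d196eb486eed000436063c",
"4393bdedd3e0b040c23993c327205daccfdf7f2f",
"a9f1f5ccd6624f90808b89fa104a0f0d8a68ee5d",
"3890d4f8612db194a0f102749445617893d49aea",
"6937c4f4be5cab1a694eccefee940c4ab76b0d3d",
"85fab3f9ae03cf33afe60df7f687e48c467abf7e",
"fc7f0b1126959e0a3f71ea346ea0de3e0e9d8e00",
"0b9d7accc6d0425551edbbeb27603d7676a2a1a3",
"d844a250ff898c706a08a2e91dba227f52124da2",
"4e67194b36ca9e4a4aa87c36624c623d0066e4ea",
"1041c8f88b5fdb2952405e1994a6c8d36f26eb20",
"1eb9ca36973b8d255140f5e7c7f81697aa5adfe1",
"540e7bb7a77d6e6bebf6100879670073f081b0e9",
"e4cc1e6957e59a170aff4973b6ab7df274af4fed",
"29c02d1fdb368dc909ca74ef711ae5bc978f6194",
"eb46f3058d1baa93b341057d2d83766cce8d8e96",
"cce5322a4826f779488d54c61b7f8dfb41fb9f57",
"2a0afb10b70599a72450be67459bca868760b0b2",
"cdc05654c21cbd68c79d81d9ae7bb26fc1c19e30",
"f999b33519d88ea244192c42635c549033341eb0",
"48a139a63a8cba24b11fe45ac08976fad310c3cd",
"80aac08385b576311649afc91a05a3647acbd6fc",
"230266e82466584ae822516ed152e9b2814181f6",
"92218e6de8ee11943895900bee49b2f5f1a0ba69",
"b1b015aebc22c86fac3815c12861ea46bf417459",
"3ccbf8182b2f76308f60c3e344fd3786b1ec8619",
"200b2bf002ca66ec36a9f4d2eaa70102a21cac93",
"903479536adefa864fe9f95e94808ae5a0a9375e",
"d3e253638e824b0d7d5da534ca4b08595f8a77a9",
"a7e4f7074c79ea601a8ce01c424da36a29394246",
"c3cef2f746e7abaed2aae53432ed7ef4d6fc177b",
"d185a15cdca09f45e499b426f2b1a7ef27b93c65",
"53b0f9859750ef4120dc3c59dae94f166cf490e8",
"2a38de9ece554e053f09adcc83101e7822716957",
"a270f0cd351390cddfd0a205427ecfc7477c6eac",
"6e1bd107a19eb7bad598a535b68ec99a4230f9c4",
"31fd15abc83f3d6977d7cead1064081b65264fea",
"b963b04d2821c7cd45ffd5e8700ce323ccbb1311",
"d0e2fc09187f2446609537149231b0d241c72b4c",
"9511ad84fb413f7b5b25b7b9982fb9f20d85a86c",
"f3f5049b0660b44f759fe6444081ee8f963862e8",
"659e6d8cd7876c1d841e1f2cd835187b4d90005e",
"0575f660be4d504970521af9d940c5e2673e6f55",
"5a0600e3f3022ca2a572c2f535202780667dc890",
"bca44267dc28b0b8ac5ecfc81d5da1f6a8974f3e",
"22430fd8f04f9c8430b62745d49af3949a0c3969",
"fad587ceb801ed5bd1e3a820402e44ad55427a2b",
"0684a0ea1bc6da8aba0c69e2fa97657a24573598",
"41a2a433e9a9323258f3add05e84740e937677c5",
"10094035a607ee3df6d875f41cce079926409b00",
"de0701164f33842031ba14134035f05990534c0f",
"e65674c658dc0060f951315961720809e4ffb7b3",
"c86841eaae03f0090db9ffacd11d0db574aebf43",
"122bb9c7c72d134f537beba9425b29d6dab69016",
"b402d5f3d163ab932000fce7dbfe2c16d64561e5",
"e1ac0c9d4c69807bc5fea5900c75b1c7a8f8e0a4",
"dd7af4dfd19a62982a0d5de8b35e331a481a6aad",
"b18fa9e6594faef3247f5624d1bed351d5f65002",
"35c414a9563608296babbe83d751eefafbba2696",
"45da041fd04e173caa32b6d8006be79d6e12abbc",
"fc09069b25f42cb8dc6960eea76980a0ea8a768c",
"026e32404ac362a69e30f16d8e296f0019c328d5",
"0aba89d49b3a32e6be4874b954390a9a50b97d85",
"8f2f3c5af309911e0a58f01b03bfe204fcdb222a",
"2dd2b0caf193a21bd5588985a8c5e8a3a40c4790",
"7f6fc39e9270a2119ce4f5dee21c1545551fb9e4",
"52d05230724cc874df7c4b4a0bbfd39d4b6085c7",
"cc153155125660d02bb9fc542bb496668dc6e058",
"f54bf6a4c6f7c3d0077d152a094e3c7738cf0bd1",
"db62ba86c86fbfc024df2908ecab10eebab3893d",
"fcfcf1e45e8d5cdca0450b8dc90754b68e8e4673",
"e57311dc19d624ec0db73b5f4f312f4afe699ffa",
"f88a948b0fd137d4b14cf5aec0c08066cb07e08d",
"53239726e6b5c599f56d7890368e33cc99191ddb",
"c8c1a9b3ce4d3840538e7918603e9a0d99002545",
"e90f4d7e69609567994f20d43c45e4dc74d57070",
"69599cb14da68fb05ba508d22a751233967bebda",
"913f2649046c764d54f6f9c86336ff555e571e35",
"6afa1451bdabb3905168af6ee30a4cbb54caf5b1",
"fd044badaf8a08c40af7b6f633cc270084cb0ca0",
"08466db9a488f46261453511a3da6462032ddaaf",
"c90aaae48ec6775d2dd40fb7c84c2c47332942b9",
"c2a8776e21403eb00b38bfccd36d1c03dffb009e",
"a1d985e13c07eddfa2721b14f7c9f869b0d733c9",
"c00cfb456fc6af0376fbea877b742594c443df97"
]);
let rname = "rclone";
DeviceProcessEvents
| where Timestamp >= ago(lookback)
| where SHA1 in (rcloneexeonlyhashes)
    // Fallbacks for builds not in the hash list. `contains` is
    // case-insensitive. OriginalFileName comes from the PE version resource,
    // so it still matches when the binary on disk has been renamed.
    or FileName contains rname
    or ProcessVersionInfoCompanyName contains rname
    or ProcessVersionInfoOriginalFileName contains rname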

Just filter the CSV using PowerShell/awk/Excel. Hope this helps: rclone_hashes_sha1.csv

LoZio commented 3 years ago

In some way, I created a PR! https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/pull/413