diff --git a/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs b/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs index 4cb3ed9..217367c 100644 --- a/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs +++ b/winPEAS/winPEASexe/winPEAS/Checks/Checks.cs @@ -5,6 +5,7 @@ using System.Linq; using System.Management; using System.Security.Principal; using winPEAS.Helpers; +using winPEAS.Helpers.Search; using winPEAS.Info.UserInfo; namespace winPEAS.Checks @@ -128,7 +129,7 @@ namespace winPEAS.Checks CheckRegANSI(); } - CreateDynamicLists(); + CheckRunner.Run(CreateDynamicLists, IsDebug); Beaprint.PrintInit(IsDebug); @@ -234,6 +235,17 @@ namespace winPEAS.Checks { Beaprint.GrayPrint("Error while creating admin users groups list: " + ex); } + + // create the file lists + try + { + Beaprint.GrayPrint(" - Files/directories list for search..."); + SearchHelper.CreateSearchDirectoriesList(); + } + catch (Exception ex) + { + Beaprint.GrayPrint("Error while creating directory list: " + ex); + } } private static void CheckRegANSI() diff --git a/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs b/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs index 6937b2f..2abb2a2 100644 --- a/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/Checks/FilesInfo.cs @@ -3,6 +3,7 @@ using System.Collections.Generic; using System.IO; using System.Text.RegularExpressions; using winPEAS.Helpers; +using winPEAS.Helpers.Search; using winPEAS.InterestingFiles; using winPEAS.KnownFileCreds; 
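Review bot: The new `catch` around `SearchHelper.CreateSearchDirectoriesList()` only prints the exception, but the static lists that call fills (`RootDirUsers`, `RootDirCurrentUser`, `ProgramFiles`, ...) are declared without initialisers in SearchHelper.cs, so any list not yet assigned when it throws stays null. The later `Search*` helpers iterate or `AddRange` those fields directly and would then fail with a null-reference or argument-null error instead of reporting "nothing found". One way to reach this is an unset `USERPROFILE`: `new DirectoryInfo(null)` throws an exception type that `GetStartDirectories` does not catch. Giving each field an empty default, for example `private static List<CustomFileInfo> RootDirUsers = new List<CustomFileInfo>();`, keeps the later checks working (the element type is inferred, because generic arguments are not visible on this page). The body of `CreateDynamicLists` starts outside this hunk.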
@@ -278,31 +279,56 @@ namespace winPEAS.Checks { string patterns = "*credential*;*password*"; string pattern_color = "[cC][rR][eE][dD][eE][nN][tT][iI][aA][lL]|[pP][aA][sS][sS][wW][oO][rR][dD]"; - List valid_extensions = new List() { ".txt", ".conf", ".cnf", ".yml", ".yaml", ".doc", ".docx", ".xlsx", ".json", ".xml" }; - Dictionary colorF = new Dictionary() - { - { pattern_color, Beaprint.ansi_color_bad }, - }; + + var valid_extensions = new List() { ".txt", ".conf", ".cnf", ".yml", ".yaml", ".doc", ".docx", ".xlsx", ".json", ".xml" }; + + var validExtensions = new HashSet + { + ".cnf", + ".conf", + ".doc", + ".docx", + ".json", + ".xlsx", + ".xml", + ".yaml", + ".yml", + ".txt", + }; + + var colorF = new Dictionary() + { + { pattern_color, Beaprint.ansi_color_bad }, + }; Beaprint.MainPrint("Looking for possible password files in users homes"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-inside-files"); - string searchPath = string.Format("{0}\\", Environment.GetEnvironmentVariable("SystemDrive") + "\\Users"); - List files_paths = SearchHelper.FindFiles(searchPath, patterns); - foreach (string file_path in files_paths) + string searchPath = $"{Environment.GetEnvironmentVariable("SystemDrive") + "\\Users"}\\"; + List fileInfos = SearchHelper.SearchUserCredsFiles(); + + foreach (var fileInfo in fileInfos) { - if (!Path.GetFileName(file_path).Contains(".")) + // if (!Path.GetFileName(file_path).Contains(".")) + if (!fileInfo.Filename.Contains(".")) { - Beaprint.AnsiPrint(" " + file_path, colorF); + Beaprint.AnsiPrint(" " + fileInfo.FullPath, colorF); } else { - foreach (string ext in valid_extensions) + string extLower = fileInfo.Extension.ToLower(); + + if (validExtensions.Contains(extLower)) { - if (file_path.Contains(ext)) - { - Beaprint.AnsiPrint(" " + file_path, colorF); - } + Beaprint.AnsiPrint(" " + fileInfo.FullPath, colorF); } + + //foreach (string ext in valid_extensions) + //{ + // if 
(file_path.Contains(ext)) + // { + // Beaprint.AnsiPrint(" " + file_path, colorF); + // } + //} } } } @@ -356,19 +382,17 @@ namespace winPEAS.Checks { try { - Dictionary colorF = new Dictionary() - { - { _patternsFileCredsColor, Beaprint.ansi_color_bad }, - }; + var colorF = new Dictionary + { + { _patternsFileCredsColor, Beaprint.ansi_color_bad }, + }; Beaprint.MainPrint("Searching known files that can contain creds in home"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#credentials-inside-files"); - string searchPath = Environment.GetEnvironmentVariable("USERPROFILE"); + + var files = SearchHelper.SearchUsersInterestingFiles(); - //SearchHelper.FindFiles(searchPath, _patternsFileCreds, colorF); - string patterns = string.Join(";", patternsFileCreds); - SearchHelper.FindFiles(searchPath, patterns, colorF); - + Beaprint.AnsiPrint(" " + string.Join("\n ", files), colorF); } catch (Exception ex) { diff --git a/winPEAS/winPEASexe/winPEAS/FastSearch/FileSearcher/FileSearcher.cs b/winPEAS/winPEASexe/winPEAS/FastSearch/FileSearcher/FileSearcher.cs deleted file mode 100644 index 4d47b2b..0000000 --- a/winPEAS/winPEASexe/winPEAS/FastSearch/FileSearcher/FileSearcher.cs +++ /dev/null 
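Review bot: `valid_extensions`, `patterns` and `searchPath` are still assigned in this hunk, but the rewritten loop appears to read only `validExtensions` and `fileInfo`, and the old loop is kept as commented-out lines. Deleting the three dead locals and the commented block would leave a single visible matching rule. The lookup can also drop the culture-sensitive `ToLower()` by building the set as `new HashSet<string>(StringComparer.OrdinalIgnoreCase)` and calling `validExtensions.Contains(fileInfo.Extension)`. The same leftovers (an unused `searchPath` or `allUsers` and commented-out `FindFiles` calls) appear in the GPP.cs and InterestingFiles.cs hunks. The enclosing method starts outside the hunk.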
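Review bot: The list behind `SearchHelper.SearchUsersInterestingFiles()` is built with no directory exclusions, whereas the removed `FindFiles(path, patterns, color)` overload skipped directories whose path contains `AppData`, filtered out paths containing `.dll`, and slept for `SearchTime` unless `IsSearchFast` was set. If dropping those is intended, a line in the commit message should say so; otherwise the exclusion can go through the `excludedDirs` parameter that `GetFilesFast` already accepts. Separately, when `files` is empty the new `Beaprint.AnsiPrint(" " + string.Join("\n ", files), colorF)` still prints a whitespace-only line, and a guard such as `if (files.Count > 0)` avoids that. The enclosing method starts outside the hunk.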
@@ -1,220 +0,0 @@ -using System; -using System.Collections.Concurrent; -using System.Collections.Generic; -using System.IO; -using System.Linq; -using System.Text.RegularExpressions; -using System.Threading; - -namespace winPEAS.FastSearch.FileSearcher -{ - - /// - /// Represents a class for fast file search. - /// - public class FileSearcher - { - public static List GetFilesFast(string folder, string pattern = "*", HashSet excludedDirs = null) - { - ConcurrentBag files = new ConcurrentBag(); - // ConcurrentBag files = new ConcurrentBag(); - - //Beaprint.InfoPrint($"[*] folder 1: '{folder}'"); - - IEnumerable startDirs = GetStartDirectories(folder, files, pattern); - - IList startDirsExcluded = startDirs.ToList(); - - if (excludedDirs != null) - { - startDirsExcluded = - (from startDir in startDirs - from excludedDir in excludedDirs - where !startDir.FullName.Contains(excludedDir) - select startDir).ToList(); - } - - //Beaprint.InfoPrint($"[*] folder 2: '{folder}' pattern: '{pattern}'"); - //Beaprint.InfoPrint($"[*] folder 2: '{folder}' GetStartDirectories: '{string.Join("\n", startDirs.Select(d => d.FullName))}'"); - //Beaprint.InfoPrint($"[*] folder 2: '{folder}' startDirsExcluded: '{string.Join("\n", startDirsExcluded.Select(d => d.FullName))}'"); - - //Beaprint.InfoPrint($"[*] folder 3: '{folder}' excludedDirs: '{string.Join("\n", excludedDirs ?? Enumerable.Empty()) }'"); - startDirsExcluded.AsParallel().ForAll((d) => - { - GetStartDirectories(d.FullName, files, pattern).AsParallel().ForAll((dir) => - { - GetFiles(dir.FullName, pattern).ForEach((f) => files.Add(f)); - // FindFiles(dir.FullName, pattern, SearchOption.TopDirectoryOnly).ForEach((f) => files.Add(f)); - }); - }); - - // !!!! 
TODO - // probably we need to exclude the excluded dirs here - not in parallel processing - - //Parallel.ForEach(startDirsExcluded, (d) => - //{ - // Parallel.ForEach(GetStartDirectories(d.FullName, files, pattern), (dir) => - // { - // GetFiles(dir.FullName, pattern).ForEach((f) => files.Add(f)); - // }); - //}); - - return files.ToList(); - } - - private static List GetStartDirectories(string folder, ConcurrentBag files, string pattern) - { - DirectoryInfo dirInfo = null; - DirectoryInfo[] directories = null; - try - { - dirInfo = new DirectoryInfo(folder); - directories = dirInfo.GetDirectories(); - - foreach (var f in dirInfo.GetFiles(pattern)) - { - files.Add(f); - } - - if (directories.Length > 1) - return new List(directories); - - if (directories.Length == 0) - return new List(); - - } - catch (UnauthorizedAccessException ex) - { - return new List(); - } - catch (PathTooLongException ex) - { - return new List(); - } - catch (DirectoryNotFoundException ex) - { - return new List(); - } - - return GetStartDirectories(directories[0].FullName, files, pattern); - } - - public static List GetFiles(string folder, string pattern = "*") - { - DirectoryInfo dirInfo; - DirectoryInfo[] directories; - try - { - dirInfo = new DirectoryInfo(folder); - directories = dirInfo.GetDirectories(); - - if (directories.Length == 0) - { - return new List(dirInfo.GetFiles(pattern)); - } - } - catch (UnauthorizedAccessException) - { - return new List(); - } - catch (PathTooLongException) - { - return new List(); - } - catch (DirectoryNotFoundException) - { - return new List(); - } - - List result = new List(); - - foreach (var d in directories) - { - result.AddRange(GetFiles(d.FullName, pattern)); - } - - try - { - result.AddRange(dirInfo.GetFiles(pattern)); - } - catch (UnauthorizedAccessException) - { - } - catch (PathTooLongException) - { - } - catch (DirectoryNotFoundException) - { - } - - return result; - } - - public static List FindFiles(string directory, string filters, 
SearchOption searchOption) - { - if (!Directory.Exists(directory)) return new List(); - - var include = (from filter in filters.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries) where !string.IsNullOrEmpty(filter.Trim()) select filter.Trim()); - var exclude = (from filter in include where filter.Contains(@"!") select filter); - - include = include.Except(exclude); - - if (include.Count() == 0) include = new string[] { "*" }; - - var rxfilters = from filter in exclude select string.Format("^{0}$", filter.Replace("!", "").Replace(".", @"\.").Replace("*", ".*").Replace("?", ".")); - Regex regex = new Regex(string.Join("|", rxfilters.ToArray())); - - List workers = new List(); - List files = new List(); - - foreach (string filter in include) - { - Thread worker = new Thread( - new ThreadStart( - delegate - { - try - { - //string[] allfiles = Directory.GetFiles(directory, filter, searchOption); - string[] allfiles = Directory.GetFiles(directory, filter, SearchOption.TopDirectoryOnly); - if (exclude.Count() > 0) - { - lock (files) - { - files.AddRange(allfiles.Where(p => !regex.Match(p).Success)); - } - } - else - { - lock (files) - { - files.AddRange(allfiles); - } - } - } - catch (UnauthorizedAccessException) - { - } - catch (PathTooLongException) - { - } - catch (DirectoryNotFoundException) - { - } - - } - )); - - workers.Add(worker); - worker.Start(); - } - - foreach (Thread worker in workers) - { - worker.Join(); - } - - return files; - } - } -} diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/CustomFileInfo.cs b/winPEAS/winPEASexe/winPEAS/Helpers/CustomFileInfo.cs new file mode 100644 index 0000000..05858f9 --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Helpers/CustomFileInfo.cs 
@@ -0,0 +1,16 @@ +namespace winPEAS.Helpers +{ + internal class CustomFileInfo + { + public string Filename { get; set; } + public string Extension { get; set; } + public string FullPath { get; set; } + + public CustomFileInfo(string filename, string extension, string fullPath) + { + Filename = filename; + Extension = extension; + FullPath = fullPath; + } + } +} diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/Search/Patterns.cs b/winPEAS/winPEASexe/winPEAS/Helpers/Search/Patterns.cs new file mode 100644 index 0000000..4d7ae1a --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Helpers/Search/Patterns.cs 
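Review bot: `CustomFileInfo` exposes public setters on all three properties, yet SearchHelper.cs creates instances in parallel workers and then holds them in static lists that every check reads, so any caller could alter a cached entry for all later checks. Nothing visible in this commit assigns the properties after construction, so get-only properties (`public string FullPath { get; }`) on an `internal sealed class` would state the intent. `SearchUserCredsFiles` could then return the cached instances instead of copying each match. A `/// <summary>` should also record that `Filename` is the name including its extension and that `Extension` includes the leading dot, as `FileInfo.Name` and `FileInfo.Extension` supply them, since the lookups depend on that.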
@@ -0,0 +1,100 @@ +using System.Collections.Generic; + +namespace winPEAS.Helpers.Search +{ + static class Patterns + { + public static readonly HashSet WhitelistExtensions = new HashSet() + { + ".cer", + ".csr", + ".der", + ".ftpconfig", + ".gpg", + ".kdbx", + ".ovpn", + ".p12", + ".pgp", + ".rdg", + ".git-credentials", + ".gitconfig", + ".htpasswd", + }; + + public static readonly HashSet WhiteListExactfilenamesWithExtensions = new HashSet() + { + "id_dsa", + "id_rsa", + "access.log", + "access_tokens.db", + "accesstokens.json", + "appcmd.exe", + "appevent.evt", + "azureprofile.json", + "bash.exe", + "datasources.xml", + "default.sav", + "docker-compose.yml", + "dockerfile", + "drives.xml", + "error.log", + "ffftp.ini", + "filezilla.xml", + "freesshdservice.ini", + "groups.xml", + "httpd.conf", + "https-xampp.conf", + "https.conf", + "iis6.log", + "index.dat", + "keepass.config", + "my.cnf", + "my.ini", + "netsetup.log", + "ntds.dit", + "ntuser.dat", + "pagefile.sys", + "php.ini", + "printers.xml", + "rdcman.settings", + "recentservers.xml", + "sam", + "scclient.exe", + "scheduledtasks.xml", + "secevent.evt", + "security", + "security.sav", + "server.xml", + "services.xml", + "setupinfo", + "setupinfo.bak", + "sitemanager.xml", + "sites.ini", + "software", + "software.sav", + "sysprep.inf", + "sysprep.xml", + "system", + "system.sav", + "tomcat-users.xml", + "unattend.txt", + "unattend.xml", + "unattended.xml", + "wcx_ftp.ini", + "winscp.ini", + "ws_ftp.ini", + "wsl.exe", + "known_hosts", + }; + + public static readonly IList WhiteListRegexp = new List() + { + ".*_history\\.*", + "config.*\\.php$", + "vnc\\.*", + "elasticsearch\\.y*ml$", + "kibana\\.y*ml$", + "web.*\\.config$", + }; + } +} diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/Search/SearchHelper.cs b/winPEAS/winPEASexe/winPEAS/Helpers/Search/SearchHelper.cs new file mode 100644 index 0000000..c62a0bc --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/Helpers/Search/SearchHelper.cs 
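Review bot: Several entries in `WhiteListRegexp` do not match what their shape suggests. In `"elasticsearch\\.y*ml$"` and `"kibana\\.y*ml$"` the `y*` means zero or more `y`, so `.yml` matches but `.yaml` does not; in `".*_history\\.*"` and `"vnc\\.*"` the trailing `\\.*` means zero or more literal dots, so both reduce to an unanchored substring test. If both YAML spellings are meant, use `"elasticsearch\\.ya?ml$"` and `"kibana\\.ya?ml$"`; for the other two, either write the intended suffix explicitly or add a comment saying a plain substring match is wanted. The two `HashSet` tables also rely on every caller lower-casing the name first, and constructing them with `StringComparer.OrdinalIgnoreCase` would remove that hidden contract.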
@@ -0,0 +1,454 @@ +using System; +using System.Collections.Concurrent; +using System.Collections.Generic; +using System.IO; +using System.Linq; +using System.Text.RegularExpressions; +using System.Threading.Tasks; + +namespace winPEAS.Helpers.Search +{ + static class SearchHelper + { + private static List RootDirUsers; + private static List RootDirCurrentUser; + private static List ProgramFiles; + private static List ProgramFilesX86; + private static List DocumentsAndSettings; + private static List GroupPolicyHistory; + // private static List GroupPolicyHistoryLegacy; + + + public static List GetFilesFast(string folder, string pattern = "*", HashSet excludedDirs = null) + { + ConcurrentBag files = new ConcurrentBag(); + // ConcurrentBag files = new ConcurrentBag(); + + //Beaprint.InfoPrint($"[*] folder 1: '{folder}'"); + + IEnumerable startDirs = GetStartDirectories(folder, files, pattern); + + IList startDirsExcluded = new List(); + + if (excludedDirs != null) + { + foreach (var startDir in startDirs) + { + bool shouldAdd = true; + string startDirLower = startDir.FullName.ToLower(); + + foreach (var excludedDirPattern in excludedDirs) + { + if (Regex.IsMatch(startDirLower, excludedDirPattern, RegexOptions.IgnoreCase)) + { + //files2.Add(file + $" [pattern: '{pattern}']"); + shouldAdd = false; + break; + } + + //if (startDirLower.StartsWith(excludedDir)) + //{ + // shouldAdd = false; + // break; + //} + } + + if (shouldAdd) + { + startDirsExcluded.Add(startDir); + } + } + + + //startDirsExcluded = + // (from startDir in startDirs + // from excludedDir in excludedDirs + // where !startDir.FullName.Contains(excludedDir) + // select startDir).ToList(); + } + else + { + startDirsExcluded = startDirs.ToList(); + } + + + // !!!! 
TODO + // probably we need to exclude the excluded dirs here - not in parallel processing + + Parallel.ForEach(startDirsExcluded, (d) => + { + Parallel.ForEach(GetStartDirectories(d.FullName, files, pattern), (dir) => + { + GetFiles(dir.FullName, pattern).ForEach( + (f) => + //files.Add(f.FullName) + files.Add(new CustomFileInfo(f.Name, f.Extension, f.FullName)) + ); + }); + }); + + return files.ToList(); + } + + public static List GetFiles(string folder, string pattern = "*") + { + DirectoryInfo dirInfo; + DirectoryInfo[] directories; + try + { + dirInfo = new DirectoryInfo(folder); + directories = dirInfo.GetDirectories(); + + if (directories.Length == 0) + { + return new List(dirInfo.GetFiles(pattern)); + } + } + catch (UnauthorizedAccessException) + { + return new List(); + } + catch (PathTooLongException) + { + return new List(); + } + catch (DirectoryNotFoundException) + { + return new List(); + } + + List result = new List(); + + foreach (var d in directories) + { + result.AddRange(GetFiles(d.FullName, pattern)); + } + + try + { + result.AddRange(dirInfo.GetFiles(pattern)); + } + catch (UnauthorizedAccessException) + { + } + catch (PathTooLongException) + { + } + catch (DirectoryNotFoundException) + { + } + + return result; + } + + + + private static List GetStartDirectories(string folder, ConcurrentBag files, string pattern) + { + DirectoryInfo dirInfo = null; + DirectoryInfo[] directories = null; + try + { + dirInfo = new DirectoryInfo(folder); + directories = dirInfo.GetDirectories(); + + foreach (var f in dirInfo.GetFiles(pattern)) + { + //files.Add(f.FullName); + files.Add(new CustomFileInfo(f.Name, f.Extension, f.FullName)); + } + + if (directories.Length > 1) + return new List(directories); + + if (directories.Length == 0) + return new List(); + + } + catch (UnauthorizedAccessException ex) + { + return new List(); + } + catch (PathTooLongException ex) + { + return new List(); + } + catch (DirectoryNotFoundException ex) + { + return new List(); + } + + 
return GetStartDirectories(directories[0].FullName, files, pattern); + } + + internal static void CreateSearchDirectoriesList() + { + string globalPattern = "*"; + string systemDrive = Environment.GetEnvironmentVariable("SystemDrive"); + + // c:\users + string rootUsersSearchPath = $"{systemDrive}\\Users\\"; + SearchHelper.RootDirUsers = SearchHelper.GetFilesFast(rootUsersSearchPath, globalPattern); + + // c:\users\current_user + string rootCurrentUserSearchPath = Environment.GetEnvironmentVariable("USERPROFILE"); + SearchHelper.RootDirCurrentUser = SearchHelper.GetFilesFast(rootCurrentUserSearchPath, globalPattern); + + // c:\Program Files\ + string rootProgramFiles = $"{systemDrive}\\Program Files\\"; + SearchHelper.ProgramFiles = SearchHelper.GetFilesFast(rootProgramFiles, globalPattern); + + // c:\Program Files (x86)\ + string rootProgramFilesX86 = $"{systemDrive}\\Program Files (x86)\\"; + SearchHelper.ProgramFilesX86 = SearchHelper.GetFilesFast(rootProgramFilesX86, globalPattern); + + // c:\Documents and Settings\ + string documentsAndSettings = $"{systemDrive}\\Documents and Settings\\"; + SearchHelper.DocumentsAndSettings = SearchHelper.GetFilesFast(documentsAndSettings, globalPattern); + + // c:\ProgramData\Microsoft\Group Policy\History + string groupPolicyHistory = $"{systemDrive}\\ProgramData\\Microsoft\\Group Policy\\History"; + SearchHelper.GroupPolicyHistory = SearchHelper.GetFilesFast(groupPolicyHistory, globalPattern); + + // c:\Documents and Settings\All Users\Application Data\\Microsoft\\Group Policy\\History + string groupPolicyHistoryLegacy = $"{documentsAndSettings}\\All Users\\Application Data\\Microsoft\\Group Policy\\History"; + //SearchHelper.GroupPolicyHistoryLegacy = SearchHelper.GetFilesFast(groupPolicyHistoryLegacy, globalPattern); + var groupPolicyHistoryLegacyFiles = SearchHelper.GetFilesFast(groupPolicyHistoryLegacy, globalPattern); + + SearchHelper.GroupPolicyHistory.AddRange(groupPolicyHistoryLegacyFiles); + } + + internal static 
List SearchUserCredsFiles() + { + var result = new List(); + var patterns = new List + { + ".*credential.*", + ".*password.*" + }; + + foreach (var file in SearchHelper.RootDirUsers) + { + //string extLower = file.Extension.ToLower(); + string nameLower = file.Filename.ToLower(); + // string nameExtLower = nameLower + "." + extLower; + + foreach (var pattern in patterns) + { + if (Regex.IsMatch(nameLower, pattern, RegexOptions.IgnoreCase)) + { + result.Add(new CustomFileInfo(file.Filename, file.Extension, file.FullPath)); + + break; + } + } + } + + return result; + } + + internal static List SearchUsersInterestingFiles() + { + //SearchHelper.FindFiles(searchPath, _patternsFileCreds, colorF); + //string patterns = string.Join(";", patternsFileCreds); + + var result = new List(); + + foreach (var file in SearchHelper.RootDirCurrentUser) + { + // !!! too slow - regexp + //foreach (var pattern in Patterns.PatternsFileCreds2) + //{ + // if (Regex.IsMatch(file, pattern, RegexOptions.IgnoreCase)) + // { + // //files2.Add(file + $" [pattern: '{pattern}']"); + // files2.Add(file); + // break; + // } + //} + + string extLower = file.Extension.ToLower(); + string nameLower = file.Filename.ToLower(); + // string nameExtLower = nameLower + "." 
+ extLower; + + if (Patterns.WhitelistExtensions.Contains(extLower) || + // Patterns.WhiteListFilenames.Contains(nameLower) || + Patterns.WhiteListExactfilenamesWithExtensions.Contains(nameLower)) + { + result.Add(file.FullPath); + } + else + { + foreach (var pattern in Patterns.WhiteListRegexp) + { + if (Regex.IsMatch(nameLower, pattern, RegexOptions.IgnoreCase)) + { + result.Add(file.FullPath); + + break; + } + } + } + } + + return result; + } + + internal static List FindCachedGPPPassword() + { + //SearchHelper.FindFiles(searchPath, _patternsFileCreds, colorF); + //string patterns = string.Join(";", patternsFileCreds); + + var result = new List(); + + var allowedExtensions = new HashSet + { + ".xml" + }; + + foreach (var file in SearchHelper.GroupPolicyHistory) + { + string extLower = file.Extension.ToLower(); + + if (allowedExtensions.Contains(extLower)) + { + result.Add(file.FullPath); + } + } + + return result; + } + + internal static List SearchMcAfeeSitelistFiles() + { + var result = new List(); + + HashSet allowedFilenames = new HashSet() + { + "sitelist.xml" + }; + + //string[] searchLocations = + //{ + // $"{drive}\\Program Files\\", + // $"{drive}\\Program Files (x86)\\", + // $"{drive}\\Documents and Settings\\", + // $"{drive}\\Users\\", + //}; + + var searchFiles = new List(); + searchFiles.AddRange(SearchHelper.ProgramFiles); + searchFiles.AddRange(SearchHelper.ProgramFilesX86); + searchFiles.AddRange(SearchHelper.DocumentsAndSettings); + searchFiles.AddRange(SearchHelper.RootDirUsers); + + foreach (var file in searchFiles) + { + string filenameToLower = file.Filename.ToLower(); + + if (allowedFilenames.Contains(filenameToLower)) + { + result.Add(file.FullPath); + } + } + + return result; + } + + internal static List SearchCurrentUserDocs() + { + var result = new List(); + + string patterns = "*diagram*;*.pdf;*.vsd;*.doc;*docx;*.xls;*.xlsx"; + + var allowedRegexp = new List + { + ".*diagram.*", + }; + + var allowedExtensions = new HashSet() + { + 
".doc", + ".docx", + ".vsd", + ".xls", + ".xlsx", + ".pdf", + }; + + foreach (var file in SearchHelper.RootDirCurrentUser) + { + string extLower = file.Extension.ToLower(); + string nameLower = file.Filename.ToLower(); + // string nameExtLower = nameLower + "." + extLower; + + if (allowedExtensions.Contains(extLower)) + { + result.Add(file.FullPath); + } + else + { + foreach (var pattern in allowedRegexp) + { + if (Regex.IsMatch(nameLower, pattern, RegexOptions.IgnoreCase)) + { + result.Add(file.FullPath); + + break; + } + } + } + } + + return result; + } + + internal static List SearchUsersDocs() + { + var result = new List(); + + string patterns = "*diagram*;*.pdf;*.vsd;*.doc;*docx;*.xls;*.xlsx"; + + var allowedRegexp = new List + { + ".*diagram.*", + }; + + var allowedExtensions = new HashSet() + { + ".doc", + ".docx", + ".vsd", + ".xls", + ".xlsx", + ".pdf", + }; + + foreach (var file in SearchHelper.RootDirUsers) + { + string extLower = file.Extension.ToLower(); + string nameLower = file.Filename.ToLower(); + // string nameExtLower = nameLower + "." + extLower; + + if (allowedExtensions.Contains(extLower)) + { + result.Add(file.FullPath); + } + else + { + foreach (var pattern in allowedRegexp) + { + if (Regex.IsMatch(nameLower, pattern, RegexOptions.IgnoreCase)) + { + result.Add(file.FullPath); + + break; + } + } + } + } + + return result; + } + } +} diff --git a/winPEAS/winPEASexe/winPEAS/Helpers/SearchHelper.cs b/winPEAS/winPEASexe/winPEAS/Helpers/SearchHelper.cs deleted file mode 100644 index 5197f69..0000000 --- a/winPEAS/winPEASexe/winPEAS/Helpers/SearchHelper.cs +++ /dev/null 
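Review bot: `GetFiles` and `GetStartDirectories` catch only `UnauthorizedAccessException`, `PathTooLongException` and `DirectoryNotFoundException`, and both run inside the nested `Parallel.ForEach` in `GetFilesFast`, so any other failure in one directory (a plain `IOException`, a `SecurityException`) surfaces as an `AggregateException` and discards the whole list. `PathTooLongException` and `DirectoryNotFoundException` both derive from `IOException`, so `catch (IOException)` plus `catch (UnauthorizedAccessException)` and `catch (SecurityException)` (from `System.Security`) covers more cases with fewer blocks. Dropping the unused `ex` variables in `GetStartDirectories` also removes the compiler warnings. `SearchCurrentUserDocs` and `SearchUsersDocs` are identical apart from the list they read, and each declares an unused `patterns` string; one private helper that takes the list would replace both bodies.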
@@ -1,77 +0,0 @@ -using System; -using System.Collections.Generic; -using System.IO; -using System.Linq; -using System.Threading; - -namespace winPEAS.Helpers -{ - internal static class SearchHelper - { - public static List FindFiles(string path, string patterns) - { - // finds files matching one or more patterns under a given path, recursive - // adapted from http://csharphelper.com/blog/2015/06/find-files-that-match-multiple-patterns-in-c/ - // pattern: "*pass*;*.png;" - - var files = new List(); - - if (!Directory.Exists(path)) - { - return files; - } - - try - { - // search every pattern in this directory's files - foreach (string pattern in patterns.Split(';')) - { - files.AddRange(Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly)); - } - - // go recurse in all sub-directories - foreach (var directory in Directory.GetDirectories(path)) - files.AddRange(FindFiles(directory, patterns)); - } - catch (UnauthorizedAccessException) { } - catch (PathTooLongException) { } - catch (DirectoryNotFoundException) { } - - return files; - } - - public static void FindFiles(string path, string patterns, Dictionary color) - { - try - { - if (!Directory.Exists(path)) - { - return; - } - - // search every pattern in this directory's files - foreach (string pattern in patterns.Split(';')) - { - Beaprint.AnsiPrint(" " + String.Join("\n ", Directory.GetFiles(path, pattern, SearchOption.TopDirectoryOnly).Where(filepath => !filepath.Contains(".dll"))), color); - } - - if (!Checks.Checks.IsSearchFast) - { - Thread.Sleep(Checks.Checks.SearchTime); - } - - // go recurse in all sub-directories - foreach (string directory in Directory.GetDirectories(path)) - { - if (!directory.Contains("AppData")) - { - FindFiles(directory, patterns, color); - } - } - } - catch (UnauthorizedAccessException) { } - catch (PathTooLongException) { } - catch (DirectoryNotFoundException) { } - } - } -} 
diff --git a/winPEAS/winPEASexe/winPEAS/InterestingFiles/GPP.cs b/winPEAS/winPEASexe/winPEAS/InterestingFiles/GPP.cs index 45bfa7c..e16f199 100644 --- a/winPEAS/winPEASexe/winPEAS/InterestingFiles/GPP.cs +++ b/winPEAS/winPEASexe/winPEAS/InterestingFiles/GPP.cs @@ -3,6 +3,7 @@ using System.Collections.Generic; using System.Security.Cryptography; using System.Xml; using winPEAS.Helpers; +using winPEAS.Helpers.Search; namespace winPEAS.InterestingFiles { @@ -24,7 +25,8 @@ namespace winPEAS.InterestingFiles } allUsers += "\\Microsoft\\Group Policy\\History"; // look only in the GPO cache folder - List files = SearchHelper.FindFiles(allUsers, "*.xml"); + //List files = SearchHelper.FindFiles(allUsers, "*.xml"); + List files = SearchHelper.FindCachedGPPPassword(); // files will contain all XML files foreach (string file in files) diff --git a/winPEAS/winPEASexe/winPEAS/InterestingFiles/InterestingFiles.cs b/winPEAS/winPEASexe/winPEAS/InterestingFiles/InterestingFiles.cs index e31d477..3de5861 100644 --- a/winPEAS/winPEASexe/winPEAS/InterestingFiles/InterestingFiles.cs +++ b/winPEAS/winPEASexe/winPEAS/InterestingFiles/InterestingFiles.cs @@ -4,6 +4,7 @@ using System.IO; using System.Linq; using System.Runtime.InteropServices; using winPEAS.Helpers; +using winPEAS.Helpers.Search; namespace winPEAS.InterestingFiles { @@ -43,19 +44,13 @@ namespace winPEAS.InterestingFiles try { - string drive = System.Environment.GetEnvironmentVariable("SystemDrive"); + - string[] searchLocations = - { - $"{drive}\\Program Files\\", - $"{drive}\\Program Files (x86)\\", - $"{drive}\\Documents and Settings\\", - $"{drive}\\Users\\", - }; + results = SearchHelper.SearchMcAfeeSitelistFiles(); - results.AddRange( - searchLocations.SelectMany( - searchLocation => SearchHelper.FindFiles(searchLocation, "SiteList.xml"))); + //results.AddRange( + // searchLocations.SelectMany( + // searchLocation => SearchHelper.FindFiles(searchLocation, "SiteList.xml"))); } catch (Exception ex) { 
@@ -110,28 +105,31 @@ namespace winPEAS.InterestingFiles { string searchPath = $"{Environment.GetEnvironmentVariable("SystemDrive")}\\Users\\"; - List files = SearchHelper.FindFiles(searchPath, patterns); + //List files = SearchHelper.FindFiles(searchPath, patterns); - foreach (string file in files) - { - DateTime lastAccessed = System.IO.File.GetLastAccessTime(file); - DateTime lastModified = System.IO.File.GetLastWriteTime(file); - results.Add(file); - } + //foreach (string file in files) + //{ + // //DateTime lastAccessed = System.IO.File.GetLastAccessTime(file); + // //DateTime lastModified = System.IO.File.GetLastWriteTime(file); + // results.Add(file); + //} + + results = SearchHelper.SearchUsersDocs(); } else { string searchPath = Environment.GetEnvironmentVariable("USERPROFILE"); - List files = SearchHelper.FindFiles(searchPath, patterns); + //List files = SearchHelper.FindFiles(searchPath, patterns); - foreach (string file in files) - { - DateTime lastAccessed = System.IO.File.GetLastAccessTime(file); - DateTime lastModified = System.IO.File.GetLastWriteTime(file); - results.Add(file); - } + //foreach (string file in files) + //{ + // //DateTime lastAccessed = System.IO.File.GetLastAccessTime(file); + // //DateTime lastModified = System.IO.File.GetLastWriteTime(file); + // results.Add(file); + //} + results = SearchHelper.SearchCurrentUserDocs(); } } catch (Exception ex) diff --git a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/KnownFileCredsInfo.cs b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/KnownFileCredsInfo.cs index 6575960..4ce99d2 100644 --- a/winPEAS/winPEASexe/winPEAS/KnownFileCreds/KnownFileCredsInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/KnownFileCreds/KnownFileCredsInfo.cs 
@@ -22,7 +22,9 @@ namespace winPEAS.KnownFileCreds foreach (string SID in SIDs) { if (SID.StartsWith("S-1-5") && !SID.EndsWith("_Classes")) + { results = RegistryHelper.GetRegValues("HKU", String.Format("{0}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU", SID)); + } } } else diff --git a/winPEAS/winPEASexe/winPEAS/Program.cs b/winPEAS/winPEASexe/winPEAS/Program.cs index a0abf6c..814d0c4 100755 --- a/winPEAS/winPEASexe/winPEAS/Program.cs +++ b/winPEAS/winPEASexe/winPEAS/Program.cs @@ -14,5 +14,3 @@ namespace winPEAS } } } - - diff --git a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj index 921926b..1202fa9 100755 --- a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj +++ b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj @@ -116,14 +116,15 @@ + + - @@ -211,7 +212,7 @@ - +