* False Archive Sysmon.exe splunk btool.exe SnareCore nxlog winlogbeat Microsoft Monitoring Agent\Agent\MonitoringHost.exe C:\Program Files\NVIDIA Corporation\Display\ C:\Program Files\Dell\SupportAssist\pcdrcui.exe C:\Program Files\Dell\SupportAssist\koala.exe C:\WindowsAzure\Packages\CollectGuestLogs C:\Program Files\Windows Defender C:\Windows\System32\audiodg.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ec2config.exe C:\WIndows\System32\poqexec.exe /noreboot /transaction C:\Packages\Plugins\Microsoft.Azure.Monitor.AzureMonitorWindowsAgent\ C:\Program Files\Microsoft Office\Office15\ONENOTE.EXE Spotify.exe OneDrive.exe AppData\Roaming\Dashlane\Dashlane.exe AppData\Roaming\Dashlane\DashlanePlugin.exe winlogbeat.exe ec2config.exe cfn-signal.exe amazon-ssm-agent.exe ec2wallpaperinfo.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe C:\Windows\System32\CompatTelRunner.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\System32\mmc.exe C:\Program Files\Microsoft VS Code\Code.exe C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe C:\Program Files\Windows Defender Advanced Threat Protection\ C:\Packages\Plugins\ C:\WindowsAzure\ C:\Program Files\Azure Advanced Threat Protection Sensor\ C:\Program Files\Microsoft Azure AD Connect Health Sync Agent\ C:\Program Files\Microsoft Azure AD Sync\ C:\Program Files\Microsoft Monitoring Agent\ microsoft windows VMware Intel chrome.exe vmtoolsd.exe Sysmon.exe mmc.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\System32\taskeng.exe C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe C:\Program Files\Windows Defender\NisSrv.exe C:\Program Files\Windows Defender\MsMpEng.exe onedrivesetup.exe onedrive.exe skypeapp.exe C:\Packages\Plugins\ C:\WindowsAzure\ C:\Program Files\Windows Defender Advanced Threat Protection\ C:\Program Files\Microsoft Monitoring Agent\ Sysmon.exe C:\Program Files\VMware\VMware Tools\vmtoolsd.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Sysmon.exe GoogleUpdate.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\ProgramData\Microsoft\Windows Defender\platform\ C:\Program Files\Microsoft VS Code\Code.exe C:\WindowsAzure\Packages\CollectGuestLogs.exe C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe CollectGuestLogs.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe Microsoft.Tri.Sensor.Updater.exe onedrivesetup.exe C:\Program Files\Azure Advanced Threat Protection Sensor\ C:\Program Files\Windows Defender Advanced Threat Protection\ C:\WindowsAzure\ Sysmon.exe C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe C:\Program Files\Microsoft VS Code\Code.exe C:\Program Files\Windows Defender\MsMpEng.exe c:\Program Files\Microsoft VS Code\resources\app\out\vs\workbench\services\files\node\watcher\win32\CodeHelper.exe C:\Program Files\Amazon\Ec2ConfigService\Ec2Config.exe C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe C:\windows\system32\CompatTelRunner.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Packages\Plugins\ C:\WindowsAzure\ C:\Program Files\WindowsApps\ C:\Program Files\Windows Defender Advanced Threat Protection\ C:\Windows\SystemApps\ C:\ProgramData\Microsoft\Windows Defender\platform\ StartMenuExperienceHost.exe ShellExperienceHost.exe mmc.exe Microsoft.Tri.Sensor.exe Microsoft.Tri.Sensor.Updater.exe C:\Windows\System32\RuntimeBroker.exe C:\windows\Explorer.EXE C:\ProgramData\Microsoft\Windows Defender\platform\ \svchost.exe Microsoft.Windows.Cortana SearchIndexer.exe winlogbeat.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Microsoft VS Code\Code.exe onedrivesetup.exe onedrive.exe skypeapp.exe C:\Packages\Plugins\ C:\WindowsAzure\ C:\Windows\SystemApps\Microsoft.Windows.Cortana C:\Program Files\Microsoft Azure AD Sync\ C:\Program Files\Microsoft Azure AD Connect Health Sync Agent\ C:\Windows\System32\winevt\Logs\ C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Sysmon.exe GoogleUpdate.exe C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe C:\Program Files\Windows Defender\NisSrv.exe C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe C:\windows\system32\AUDIODG.EXE C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Azure Advanced Threat Protection Sensor\ C:\Windows\SystemApps\Microsoft.Windows.Cortana C:\WindowsAzure\ C:\ProgramData\Microsoft\Windows Defender\platform\ onedrivesetup.exe onedrive.exe skypeapp.exe Microsoft.Tri.Sensor.exe Microsoft.Tri.Sensor.Updater.exe \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Microsoft Print to PDF\PrinterDriverData LanguageList Windows.UI.SettingsAppThreshold.pri \Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications \Software\Microsoft\Input\Settings\Insights \Schemas\StateSchema \Windows Search\CrawlScopeManager\Windows\SystemIndex \AppModel\StateRepository\Cache\Metadata \OpenWithProgids\ \Microsoft.WindowsMaps \AppModel\Deployment\Package \AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager \Software\Microsoft\Windows\CurrentVersion\DeliveryOptimization\ \Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.OneConnect HKLM\SOFTWARE\Microsoft\SecurityManager\CapAuthz \CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Cortana \DeliveryOptimization\Swarms\ HKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTime HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppReadiness\ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason HKLM\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload C:\Packages\Plugins\ C:\WindowsAzure\ C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe C:\Program Files (x86)\nxlog\nxlog.exe C:\Users\ C:\ProgramData\ C:\Windows\Temp\ C:\Program Files\ C:\windows\system32\mmc.exe C:\WindowsAzure\ C:\Packages\Plugins\