* False False Sysmon AcroRd32.exe /CR;channel= C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\LogTransport2.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P6\adobe_licutil.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\adobe_licutil.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\adobe_licutil.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe "C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe" -Embedding "C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe" "C:\Windows\system32\cscript.exe" /nologo "MonitorKnowledgeDiscovery.vbs" C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe C:\program files (x86)\desktopcentral_agent\bin\ C:\program files\desktopcentral_server\bin\ C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe C:\Program Files\NVIDIA Corporation\ C:\Program Files\Realtek\ C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe C:\Program Files\ESET\ESET Nod32 Antivirus\ekrn.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type= "C:\Program Files\Google\Chrome\Application\chrome.exe" --type= C:\Program Files (x86)\Google\Update\ C:\Program Files (x86)\Google\Update\ C:\Program Files (x86)\RES Software\Workspace Manager\pfwsmgr.exe C:\Program Files (x86)\RES Software\Workspace Manager\respesvc64.exe C:\Program Files (x86)\Ivanti\Workspace Control\pfwsmgr.exe C:\Program Files (x86)\RES Software\Workspace Manager\ResPesvc64.exe C:\Program Files\RES Software\Workspace Manager\respesvc.exe C:\Program Files\Ivanti\Workspace Control\ResPesvc.exe C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel "C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe C:\Program Files\Splunk\bin\ C:\Program Files\Splunk\bin\splunkd.exe C:\Program Files\Splunk\bin\splunk.exe D:\Program Files\Splunk\bin\ D:\Program Files\Splunk\bin\splunkd.exe D:\Program Files\Splunk\bin\splunk.exe C:\Program Files\SplunkUniversalForwarder\bin\ C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe D:\Program Files\SplunkUniversalForwarder\bin\ D:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe D:\Program Files\SplunkUniversalForwarder\bin\splunk.exe C:\Windows\system32\svchost.exe -k appmodel -s StateRepository C:\Windows\system32\svchost.exe -k appmodel C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc C:\Windows\system32\svchost.exe -k camera -s FrameServer C:\Windows\system32\svchost.exe -k dcomlaunch -s LSM C:\Windows\system32\svchost.exe -k dcomlaunch -s PlugPlay C:\Windows\system32\svchost.exe -k defragsvc C:\Windows\system32\svchost.exe -k devicesflow -s DevicesFlowUserSvc C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k localService -s EventSystem C:\Windows\system32\svchost.exe -k localService -s bthserv C:\Windows\system32\svchost.exe -k localService -s nsi C:\Windows\system32\svchost.exe -k localService -s w32Time C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s Dhcp C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s EventLog C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s TimeBrokerSvc C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s WFDSConMgrSvc C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation -s SensrSvc C:\Windows\system32\svchost.exe -k localServiceNoNetwork C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -p -s WPDBusEnum C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -p -s fhsvc C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s DeviceAssociationService C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s NcbService C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s SensorService C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s TabletInputService C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s UmRdpService C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s WPDBusEnum C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s WdiSystemHost C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc C:\Windows\system32\svchost.exe -k netsvcs -p -s ncaSvc C:\Windows\system32\svchost.exe -k netsvcs -s BDESVC C:\Windows\system32\svchost.exe -k netsvcs -s BITS C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc C:\Windows\system32\svchost.exe -k netsvcs -s Gpsvc C:\Windows\system32\svchost.exe -k netsvcs -s ProfSvc C:\Windows\system32\svchost.exe -k netsvcs -s SENS C:\Windows\system32\svchost.exe -k netsvcs -s SessionEnv C:\Windows\system32\svchost.exe -k netsvcs -s Themes C:\Windows\system32\svchost.exe -k netsvcs -s Winmgmt C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k networkService -p -s DoSvc C:\Windows\system32\svchost.exe -k networkService -s Dnscache C:\Windows\system32\svchost.exe -k networkService -s LanmanWorkstation C:\Windows\system32\svchost.exe -k networkService -s NlaSvc C:\Windows\system32\svchost.exe -k networkService -s TermService C:\Windows\system32\svchost.exe -k networkService C:\Windows\system32\svchost.exe -k networkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k rPCSS C:\Windows\system32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k swprv C:\Windows\system32\svchost.exe -k unistackSvcGroup C:\Windows\system32\svchost.exe -k utcsvc C:\Windows\system32\svchost.exe -k wbioSvcGroup C:\Windows\system32\svchost.exe -k werSvcGroup C:\WINDOWS\System32\svchost.exe -k wsappx -p -s ClipSVC C:\WINDOWS\system32\svchost.exe -k wsappx -p -s AppXSvc C:\Windows\system32\svchost.exe -k wsappx -s ClipSVC C:\Windows\system32\svchost.exe -k wsappx C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted C:\Program Files\Trend Micro\Deep Security Agent\ds_monitor.exe C:\Program Files\Trend Micro\Deep Security Agent\dsa.exe C:\Program Files\Trend Micro\Deep Security Agent\dsuam.exe C:\Program Files\Trend Micro\Deep Security Agent\Notifier.exe C:\Program Files\Trend Micro\Deep Security Agent\lib\Patch.exe C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopExtIns32.exe C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmExtIns.exe C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe C:\Program Files\Windows Defender\ C:\Windows\system32\MpSigStub.exe C:\Windows\SoftwareDistribution\Download\Install\AM_ C:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\Windows\system32\DllHost.exe /Processid C:\Windows\system32\SearchIndexer.exe /Embedding C:\Windows\System32\CompatTelRunner.exe C:\Windows\System32\MusNotification.exe C:\Windows\System32\MusNotificationUx.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\conhost.exe C:\Windows\System32\powercfg.exe C:\Windows\System32\wbem\WmiApSrv.exe C:\Windows\System32\wermgr.exe C:\Windows\SysWOW64\wermgr.exe C:\Windows\system32\sppsvc.exe AppContainer %%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows C:\Windows\system32\SearchIndexer.exe AppData\Local\Google\Chrome\Application\chrome.exe Root\VFS\ProgramFilesX86\Google\Chrome\Application\chrome.exe \NVIDIA\NvBackend\ApplicationOntology\ OneDrive.exe setup slack.exe AppData\Local\Microsoft\Teams\current\Teams.exe AppData\Roaming\Dropbox\bin\Dropbox.exe winlogbeat.exe packetbeat.exe C:\Program Files\ESET\ESET Nod32 Antivirus\ekrn.exe C:\Windows\System32\lsass.exe 88 OneDrive.exe OneDriveStandaloneUpdater.exe ownCloud\owncloud.exe C:\Program Files\Palo Alto Networks\Traps\cyserver.exe udp 3389 C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe AppData\Roaming\Spotify\Spotify.exe AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe C:\Program files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe .windowsupdate.microsoft.com .windowsupdate.com wustat.windows.com go.microsoft.com .update.microsoft.com download.microsoft.com microsoft.com.akadns.net microsoft.com.nsatc.net Intel Valid Microsoft Valid C:\Windows\System32\cscript.exe scrobj.dll powershell.exe mscoree.dll;mscoreei.dll;mscoreeis.dll;clr.dll;clrjit.dll VSTOInstaller.exe C:\Windows\ C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe C:\Users\;\AppData\Local\Microsoft\OneDrive\;\FileSyncTelemetryExtensions.dll C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe C:\Users\;\AppData\Local\Microsoft\OneDrive\;\FileCoAuthLib.dll C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe C:\Users\;\AppData\Local\Microsoft\OneDrive\;\OneDriveTelemetryStable.dll C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe C:\Users\;\AppData\Local\Microsoft\OneDrive\;\vcruntime140.dll C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe C:\Users\;\AppData\Local\Microsoft\OneDrive\;\UpdateRingSettings.dll C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe C:\Users\;\AppData\Local\Microsoft\OneDrive\;\LoggingPlatform.dll C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe C:\Users\;\AppData\Local\Microsoft\OneDrive\;\FileCoAuth.exe C:\Windows\System32\svchost.exe C:\Windows\System32\netapi32.dll C:\Windows\System32\svchost.exe C:\Windows\System32\msvcp110_win.dll C:\Windows\System32\svchost.exe C:\Windows\System32\dsreg.dll C:\Windows\System32\svchost.exe C:\Windows\System32\perfctrs.dll C:\Windows\System32\svchost.exe C:\Windows\System32\wininit.exe C:\Windows\System32\csrss.exe C:\Windows\System32\services.exe C:\Windows\System32\winlogon.exe C:\Windows\System32\audiodg.exe C:\Windows\System32\dwm.exe C:\Windows\System32\csrss.exe Google\Chrome\Application\chrome.exe C:\Windows\System32\wbem\WmiPrvSE.exe C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe C:\Program Files;\Common Files\Adobe\AdobeGCClient\AGMService.exe C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe C:\Program Files\Adobe\Adobe Photoshop 2021\Photoshop.exe C:\Program Files\Autodesk\Autodesk Desktop App C:\Program Files (x86)\Autodesk\Autodesk Desktop App C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe C:\Windows\system32\cscript.exe C:\WindowsAzure\GuestAgent_;CollectGuestLogs.exe C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe C:\Windows\CarbonBlack\cb.exe software_reporter_tool.exe software_reporter_tool.exe 0x1410 software_reporter_tool.exe chrome.exe 0x1410 software_reporter_tool.exe 0x1410 C:\Program Files\Cisco\AMP\;sfc.exe C:\Users\;\AppData\Local\Citrix\ICA Client\receiver\Receiver.exe C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe c:\Program Files\Couchbase\Server\bin\sigar_port.exe C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\;\OpenHandleCollector.exe C:\Program Files\Elastic\Agent\data\;\metricbeat.exe C:\Program Files;\FireEye\xagt\xagt.exe C:\Program Files (x86)\Ivanti\Workspace Control\cpushld.exe C:\Program Files (x86)\RES Software\Workspace Manager\cpushld.exe C:\Program Files\Ivanti\Workspace Control\cpushld.exe C:\Program Files\RES Software\Workspace Manager\cpushld.exe wmiprvse.exe GoogleUpdate.exe LTSVC.exe taskmgr.exe VBoxService.exe vmtoolsd.exe \Citrix\System32\wfshell.exe C:\Windows\System32\lsm.exe Microsoft.Identity.AadConnect.Health.AadSync.Host.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection 0x1000 0x1400 0x101400 0x101000 C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe C:\Program Files\McAfee\Agent\x86\macompatsvc.exe C:\Users\;\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe C:\Users\;\AppData\Local\Microsoft\Teams\current\Teams.exe C:\Users\;\AppData\Local\Microsoft\Teams\current\Teams.exe C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\ProgramData\Microsoft\Windows Defender\Platform\;\MsMpEng.exe C:\Program Files (x86)\Mobatek\MobaXterm\MobaXterm.exe C:\Program Files\Palo Alto Networks\Traps\cyserver.exe C:\Program Files\Qualys\QualysAgent\QualysAgent.exe C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe C:\WINDOWS\CCM\CcmExec.exe C:\Program Files\Splunk\bin\splunkd.exe C:\Program Files\Microsoft VS Code\Code.exe C:\Program Files\Microsoft VS Code\Code.exe 0x100000 C:\Program Files\Microsoft VS Code\Code.exe C:\Program Files\Microsoft VS Code\Code.exe 0x1401 C:\Users\;\AppData\Local\Programs\Microsoft VS Code\Code.exe C:\Users\;\AppData\Local\Programs\Microsoft VS Code\Code.exe 0x1401 C:\Program Files (x86)\VMware\VMWare Player\vmware-authd.exe C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe C:\Program Files\WinZip\FAHWindow64.exe C:\Program Files (x86)\Dell\CommandUpdate\InvColPC.exe C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe C:\Program Files\Elastic\Endpoint\state\last-document-id.json C:\Program Files\Elastic\Agent\data\ C:\Program Files\Elastic\Agent\data\;.ndjson C:\Windows\system32\igfxCUIService.exe C:\Program Files (x86)\Ivanti\Workspace Control\pfwsmgr.exe C:\Program Files (x86)\RES Software\Workspace Manager\pfwsmgr.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe C:\Windows\Prefetch;.pf C:\Windows\System32\smss.exe C:\Windows\system32\CompatTelRunner.exe C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\System32\DriverStore\Temp\ C:\Windows\System32\wbem\Performance\ WRITABLE.TST \AppData\Roaming\Microsoft\Windows\Recent\ C:\$WINDOWS.~BT\Sources\SafeOS\SafeOS.Mount\ C:\WINDOWS\winsxs\amd64_microsoft-windows c:\Program Files\Microsoft Security Client\MsMpEng.exe Outlook.exe Roaming\Microsoft\Outlook\Outlook.xml c:\windows\system32\provtool.exe C:\Windows\system32\wsmprovhost.exe C:\Users\;\AppData\Local\Temp;__PSScriptPolicyTest;.ps1 C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\Temp;__PSScriptPolicyTest;.ps1 NT AUTHORITY\SYSTEM C:\WINDOWS\CCM\CcmExec.exe C:\Windows\CCM C:\Windows\System32\Tasks\Microsoft\Windows\PLA\FabricTraces C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant C:\Windows\System32\svchost.exe C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat C:\Windows\System32\svchost.exe C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseposture.exe C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe C:\Program Files\Cylance\Optics\CyOptics.exe C:\Program Files\Cylance\Desktop\CylanceSvc.exe svchost.exe HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters svchost.exe HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces Toolbar\WebBrowser Toolbar\WebBrowser\ITBar7Height Toolbar\ShellBrowser\ITBar7Layout Internet Explorer\Toolbar\Locked ShellBrowser C:\Program Files (x86)\Ivanti\Workspace Control\pfwsmgr.exe C:\Program Files\RES Software\Workspace Manager\pfwsmgr.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security C:\Program Files\Kaspersky Lab\Kaspersky Internet Security C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe C:\Program Files\McAfee\Endpoint Security\Adaptive Threat Protection\mfeatp.exe C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe C:\Program Files\Common Files\McAfee\Engine\AMCoreUpdater\amupdate.exe C:\Program Files\McAfee\Agent\masvc.exe C:\Program Files\McAfee\Agent\x86\mfemactl.exe C:\Program Files\McAfee\Agent\x86\McScript_InUse.exe C:\Program Files\McAfee\Agent\x86\macompatsvc.exe C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeensppl.exe C:\Program Files\Common Files\McAfee\Engine\scanners C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe HKLM\System\CurrentControlSet\Services\HealthService\Parameters\Management Groups \{CAFEEFAC- CreateKey HKLM\COMPONENTS C:\Program Files\ownCloud\owncloud.exe C:\Program Files (x86)\ownCloud\owncloud.exe svchost.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks C:\Program Files\SentinelOne\Sentinel Agent System C:\Program Files\VMware\VMware Tools\vmtoolsd.exe HKLM\System\CurrentControlSet\Services\Tcpip\Parameters C:\Program Files (x86)\Webroot\WRSA.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditPolicy HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit \OpenWithProgids \OpenWithList \UserChoice \UserChoice\ProgId \UserChoice\Hash \OpenWithList\MRUList } 0xFFFF Office\root\integration\integrator.exe C:\WINDOWS\system32\backgroundTaskHost.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe \CurrentVersion\App Paths \CurrentVersion\Image File Execution Options \CurrentVersion\Shell Extensions\Cached \CurrentVersion\Shell Extensions\Approved }\PreviousPolicyAreas \Control\WMI\Autologger\ HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc\Start \Lsa\OfflineJoin\CurrentValue \Components\TrustedInstaller\Events \Components\TrustedInstaller \Components\Wlansvc \Components\Wlansvc\Events HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\ \Directory\shellex \Directory\shellex\DragDropHandlers \Drive\shellex \Drive\shellex\DragDropHandlers _Classes\AppX HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\ SOFTWARE;\Microsoft\EnterpriseCertificates\Disallowed SOFTWARE;\Microsoft\SystemCertificates\Disallowed Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe C:\$WINDOWS.~BT\ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters C:\Windows\system32\lsass.exe HKLM\System\CurrentControlSet\Services SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization C:\Windows\System32\svchost.exe HKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTime HKLM\System\CurrentControlSet\Services\SmsRouter\State\Registration\Ids \services\clr_optimization_v2.0.50727_32\Start \services\clr_optimization_v2.0.50727_64\Start \services\clr_optimization_v4.0.30319_32\Start \services\clr_optimization_v4.0.30319_64\Start \services\DeviceAssociationService\Start \services\BITS\Start \services\TrustedInstaller\Start \services\tunnel\Start \services\UsoSvc\Start C:\Program Files;\Common Files\Adobe\ARM\1.0\AdobeARM.exe \32B6B37A-4A7D-4e00-95F2- thsnYaVieBoda C:\Program Files;\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe \com.adobe.reader.rna.;\mojo C:\Program Files;\Common Files\Adobe\AdobeGCClient\AGMService.exe \gc_pipe_ C:\Program Files;\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe \uv\ "C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe" C:\Users\;\AppData\Local\Programs\Call Manager\Call Manager.exe \crashpad_;\mojo.;\uv\ C:\Program Files;\Citrix\ICA Client\SelfServicePlugin\SelfService.exe C:\Program Files;\Citrix\ICA Client\Receiver\Receiver.exe C:\Program Files;\Citrix\ICA Client\wfcrun32.exe C:\Program Files;\Citrix\ICA Client\concentr.exe C:\Users\;\AppData\Local\Citrix\ICA Client\receiver\Receiver.exe C:\Users\;\AppData\Local\Citrix\ICA Client\SelfServicePlugin\SelfService.exe C:\Program Files;\FireEye\xagt\xagt.exe C:\Program Files;\Google\Update\Install\;setup.exe \crashpad_ C:\Program Files;\Google\Chrome\Application\chrome.exe \mojo. C:\Program Files;\Google\Chrome\Application\;\Installer\chrmstp.exe \crashpad_ \Vivisimo Velocity C:\Program Files;\Microsoft\Edge\Application\msedge.exe \LOCAL\mojo. C:\Program Files;\Microsoft\Edge\Application\msedge.exe \LOCAL\chrome.sync. C:\Program Files;\Microsoft\Edge\Application\msedge.exe \LOCAL\crashpad_ C:\Program Files;\Microsoft Office\root\Office16\OUTLOOK.EXE \MsFteWds C:\Users\;\AppData\Local\Microsoft\Teams\current\Teams.exe \mojo. C:\Users\;\AppData\Local\Microsoft\Teams\current\Teams.exe \chrome.sync. C:\Program Files;\Mozilla Firefox\firefox.exe \cubeb-pipe- C:\Program Files;\Mozilla Firefox\firefox.exe \chrome. C:\Program Files;\Mozilla Firefox\firefox.exe \gecko-crash-server-pipe. \SQLLocal\MSSQLSERVER \SQLLocal\INSTANCE01 \SQLLocal\SQLEXPRESS \SQLLocal\COMMVAULT \SQLLocal\RTCLOCAL \SQLLocal\RTC \SQLLocal\TMSM Program Files (x86)\Microsoft SQL Server\110\DTS\binn\dtexec.exe PostgreSQL\9.6\bin\postgres.exe \pgsignal_ Program Files\Qlik\Sense\Engine\Engine.exe C:\Program Files;\Qualys\QualysAgent\QualysAgent.exe Program Files\SplunkUniversalForwarder\bin\splunkd.exe Program Files\SplunkUniversalForwarder\bin\splunk.exe Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\CMAgent\OfcCMAgent.exe Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\web\service\verconn.exe Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\cgiOnClose.exe Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\cgiRqHotFix.exe Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\LWCS\LWCSService.exe Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\WSS\iCRCService.exe Program Files\Trend\SPROTECT\x64\tsc.exe Program Files\Trend\SPROTECT\x64\tsc64.exe Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\web\service\osceintegrationservice.exe Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\web\service\OfcLogReceiverSvc.exe \Trend Micro OSCE Command Handler Manager \Trend Micro OSCE Command Handler2 Manager \Trend Micro Endpoint Encryption ToolBox Command Handler Manager \OfcServerNamePipe \ntapvsrq \srvsvc \wkssvc \lsass \winreg \spoolss Anonymous Pipe c:\windows\system32\inetsrv\w3wp.exe .1rx.io .2mdn.net .adadvisor.net .adap.tv .addthis.com .adform.net .adnxs.com .adroll.com .adrta.com .adsafeprotected.com .adsrvr.org .advertising.com .amazon-adsystem.com .amazon-adsystem.com .analytics.yahoo.com .aol.com .betrad.com .bidswitch.net .casalemedia.com .chartbeat.net .cnn.com .convertro.com .criteo.com .criteo.net .crwdcntrl.net .demdex.net .domdex.com .dotomi.com .doubleclick.net .doubleverify.com .emxdgt.com .exelator.com .google-analytics.com .googleadservices.com .googlesyndication.com .googletagmanager.com .googlevideo.com .gstatic.com .gvt1.com .gvt2.com .ib-ibi.com .jivox.com .mathtag.com .moatads.com .moatpixel.com .mookie1.com .myvisualiq.net .netmng.com .nexac.com .openx.net .optimizely.com .outbrain.com .pardot.com .phx.gbl .pinterest.com .pubmatic.com .quantcount.com .quantserve.com .revsci.net .rfihub.net .rlcdn.com .rubiconproject.com .scdn.co .scorecardresearch.com .serving-sys.com .sharethrough.com .simpli.fi .sitescout.com .smartadserver.com .snapads.com .spotxchange.com .taboola.com .taboola.map.fastly.net .tapad.com .tidaltv.com .trafficmanager.net .tremorhub.com .tribalfusion.com .turn.com .twimg.com .tynt.com .w55c.net .ytimg.com .zorosrv.com 1rx.io adservice.google.com ampcid.google.com clientservices.googleapis.com googleadapis.l.google.com imasdk.googleapis.com l.google.com ml314.com mtalk.google.com update.googleapis.com www.googletagservices.com .mozaws.net .mozilla.com .mozilla.net .mozilla.org clients1.google.com clients2.google.com clients3.google.com clients4.google.com clients5.google.com clients6.google.com safebrowsing.googleapis.com .akadns.net .netflix.com .aspnetcdn.com ajax.googleapis.com cdnjs.cloudflare.com fonts.googleapis.com .typekit.net cdnjs.cloudflare.com .stackassets.com .steamcontent.com .arpa. .arpa .msftncsi.com .localmachine localhost C:\ProgramData\LogiShrd\LogiOptions\Software\Current\updater.exe .logitech.com C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe -pushp.svc.ms .b-msedge.net .bing.com .hotmail.com .live.com .live.net .s-microsoft.com .microsoft.com .microsoftonline.com .microsoftstore.com .ms-acdc.office.com .msedge.net .msn.com .msocdn.com .skype.com .skype.net .windows.com .windows.net.nsatc.net .windowsupdate.com .xboxlive.com login.windows.net outlook.office.com statics.teams.cdn.office.net acdc-direct.office.com .fp.measure.office.com office365.com .activedirectory.windowsazure.com .aria.microsoft.com .msauth.net .msftauth.net .opinsights.azure.com management.azure.com outlook.office365.com portal.azure.com substrate.office.com osi.office.net .digicert.com .globalsign.com .globalsign.net msocsp.com ocsp.msocsp.com pki.goog .pki.goog ocsp.godaddy.com amazontrust.com .amazontrust.com ocsp.sectigo.com pki-goog.l.google.com .usertrust.com ocsp.comodoca.com ocsp.verisign.com ocsp.entrust.net ocsp.identrust.com status.rapidssl.com status.thawte.com ocsp.int-x3.letsencrypt.org subca.ocsp-certum.com cscasha2.ocsp-certum.com crl.verisign.com C:\Program Files\SentinelOne\Sentinel Agent;\SentinelAgent.exe .spotify.com .spotify.map.fastly.net C:\Windows\SystemApps\Microsoft.Windows.Search;SearchApp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\updater.exe C:\Program Files\Mozilla Firefox\default-browser-agent.exe C:\Program Files\Mozilla Firefox\pingsender.exe C:\Program Files\Git\cmd\git.exe C:\Program Files\Git\mingw64\bin\git.exe C:\Program Files\Git\mingw64\libexec\git-core\git.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\ \BHO\ie_to_edge_stub.exe C:\Program Files (x86)\Microsoft\Edge\Application\ \identity_helper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\ \MicrosoftEdge_X64_ C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\XDelta64\xdelta3.exe unknown process C:\Program Files\Microsoft VS Code\Code.exe C:\Windows\System32\wbem\WMIADAP.exe C:\WindowsAzure\GuestAgent;\WindowsAzureGuestAgent.exe C:\Packages\Plugins\Microsoft.Azure.Monitor.AzureMonitorWindowsAgent\;\AMAExtHealthMonitor.exe C:\WindowsAzure\Logs\AggregateStatus\aggregatestatus \appdata\local\google\chrome\user data\swreporter\;software_reporter_tool.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\Prefetch;.pf NETWORK SERVICE; LOCAL SERVICE