*
False
False
Sysmon
AcroRd32.exe
/CR;channel=
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\LogTransport2.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P6\adobe_licutil.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\adobe_licutil.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\adobe_licutil.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
"C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe" -Embedding
"C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe"
"C:\Windows\system32\cscript.exe" /nologo "MonitorKnowledgeDiscovery.vbs"
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\program files (x86)\desktopcentral_agent\bin\
C:\program files\desktopcentral_server\bin\
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
C:\Program Files\NVIDIA Corporation\
C:\Program Files\Realtek\
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
C:\Program Files\ESET\ESET Nod32 Antivirus\ekrn.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=
C:\Program Files (x86)\Google\Update\
C:\Program Files (x86)\Google\Update\
C:\Program Files (x86)\RES Software\Workspace Manager\pfwsmgr.exe
C:\Program Files (x86)\RES Software\Workspace Manager\respesvc64.exe
C:\Program Files (x86)\Ivanti\Workspace Control\pfwsmgr.exe
C:\Program Files (x86)\RES Software\Workspace Manager\ResPesvc64.exe
C:\Program Files\RES Software\Workspace Manager\respesvc.exe
C:\Program Files\Ivanti\Workspace Control\ResPesvc.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
C:\Program Files (x86)\Microsoft Office\Office16\MSOSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel
C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe
C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Splunk\bin\
C:\Program Files\Splunk\bin\splunkd.exe
C:\Program Files\Splunk\bin\splunk.exe
D:\Program Files\Splunk\bin\
D:\Program Files\Splunk\bin\splunkd.exe
D:\Program Files\Splunk\bin\splunk.exe
C:\Program Files\SplunkUniversalForwarder\bin\
C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe
C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe
D:\Program Files\SplunkUniversalForwarder\bin\
D:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe
D:\Program Files\SplunkUniversalForwarder\bin\splunk.exe
C:\Windows\system32\svchost.exe -k appmodel -s StateRepository
C:\Windows\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
C:\Windows\system32\svchost.exe -k camera -s FrameServer
C:\Windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\Windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\svchost.exe -k devicesflow -s DevicesFlowUserSvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k localService -s EventSystem
C:\Windows\system32\svchost.exe -k localService -s bthserv
C:\Windows\system32\svchost.exe -k localService -s nsi
C:\Windows\system32\svchost.exe -k localService -s w32Time
C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s Dhcp
C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s EventLog
C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s TimeBrokerSvc
C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted -s WFDSConMgrSvc
C:\Windows\system32\svchost.exe -k localServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k localServiceAndNoImpersonation -s SensrSvc
C:\Windows\system32\svchost.exe -k localServiceNoNetwork
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -p -s WPDBusEnum
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s DeviceAssociationService
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s NcbService
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s SensorService
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s TabletInputService
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s UmRdpService
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted -s WdiSystemHost
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Windows\system32\svchost.exe -k netsvcs -p -s ncaSvc
C:\Windows\system32\svchost.exe -k netsvcs -s BDESVC
C:\Windows\system32\svchost.exe -k netsvcs -s BITS
C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
C:\Windows\system32\svchost.exe -k netsvcs -s Gpsvc
C:\Windows\system32\svchost.exe -k netsvcs -s ProfSvc
C:\Windows\system32\svchost.exe -k netsvcs -s SENS
C:\Windows\system32\svchost.exe -k netsvcs -s SessionEnv
C:\Windows\system32\svchost.exe -k netsvcs -s Themes
C:\Windows\system32\svchost.exe -k netsvcs -s Winmgmt
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k networkService -p -s DoSvc
C:\Windows\system32\svchost.exe -k networkService -s Dnscache
C:\Windows\system32\svchost.exe -k networkService -s LanmanWorkstation
C:\Windows\system32\svchost.exe -k networkService -s NlaSvc
C:\Windows\system32\svchost.exe -k networkService -s TermService
C:\Windows\system32\svchost.exe -k networkService
C:\Windows\system32\svchost.exe -k networkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k rPCSS
C:\Windows\system32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k unistackSvcGroup
C:\Windows\system32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k wbioSvcGroup
C:\Windows\system32\svchost.exe -k werSvcGroup
C:\WINDOWS\System32\svchost.exe -k wsappx -p -s ClipSVC
C:\WINDOWS\system32\svchost.exe -k wsappx -p -s AppXSvc
C:\Windows\system32\svchost.exe -k wsappx -s ClipSVC
C:\Windows\system32\svchost.exe -k wsappx
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k localSystemNetworkRestricted
C:\Program Files\Trend Micro\Deep Security Agent\ds_monitor.exe
C:\Program Files\Trend Micro\Deep Security Agent\dsa.exe
C:\Program Files\Trend Micro\Deep Security Agent\dsuam.exe
C:\Program Files\Trend Micro\Deep Security Agent\Notifier.exe
C:\Program Files\Trend Micro\Deep Security Agent\lib\Patch.exe
C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmopExtIns32.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmExtIns.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe
C:\Program Files\Windows Defender\
C:\Windows\system32\MpSigStub.exe
C:\Windows\SoftwareDistribution\Download\Install\AM_
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\DllHost.exe /Processid
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\CompatTelRunner.exe
C:\Windows\System32\MusNotification.exe
C:\Windows\System32\MusNotificationUx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\conhost.exe
C:\Windows\System32\powercfg.exe
C:\Windows\System32\wbem\WmiApSrv.exe
C:\Windows\System32\wermgr.exe
C:\Windows\SysWOW64\wermgr.exe
C:\Windows\system32\sppsvc.exe
AppContainer
%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows
C:\Windows\system32\SearchIndexer.exe
AppData\Local\Google\Chrome\Application\chrome.exe
Root\VFS\ProgramFilesX86\Google\Chrome\Application\chrome.exe
\NVIDIA\NvBackend\ApplicationOntology\
OneDrive.exe
setup
slack.exe
AppData\Local\Microsoft\Teams\current\Teams.exe
AppData\Roaming\Dropbox\bin\Dropbox.exe
winlogbeat.exe
packetbeat.exe
C:\Program Files\ESET\ESET Nod32 Antivirus\ekrn.exe
C:\Windows\System32\lsass.exe
88
OneDrive.exe
OneDriveStandaloneUpdater.exe
ownCloud\owncloud.exe
C:\Program Files\Palo Alto Networks\Traps\cyserver.exe
udp
3389
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe
AppData\Roaming\Spotify\Spotify.exe
AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-ui.exe
AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe
C:\Program files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
.windowsupdate.microsoft.com
.windowsupdate.com
wustat.windows.com
go.microsoft.com
.update.microsoft.com
download.microsoft.com
microsoft.com.akadns.net
microsoft.com.nsatc.net
Intel
Valid
Microsoft
Valid
C:\Windows\System32\cscript.exe
scrobj.dll
powershell.exe
mscoree.dll;mscoreei.dll;mscoreeis.dll;clr.dll;clrjit.dll
VSTOInstaller.exe
C:\Windows\
C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe
C:\Users\;\AppData\Local\Microsoft\OneDrive\;\FileSyncTelemetryExtensions.dll
C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe
C:\Users\;\AppData\Local\Microsoft\OneDrive\;\FileCoAuthLib.dll
C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe
C:\Users\;\AppData\Local\Microsoft\OneDrive\;\OneDriveTelemetryStable.dll
C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe
C:\Users\;\AppData\Local\Microsoft\OneDrive\;\vcruntime140.dll
C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe
C:\Users\;\AppData\Local\Microsoft\OneDrive\;\UpdateRingSettings.dll
C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe
C:\Users\;\AppData\Local\Microsoft\OneDrive\;\LoggingPlatform.dll
C:\Users\;\AppData\Local\Microsoft\OneDrive;\FileCoAuth.exe
C:\Users\;\AppData\Local\Microsoft\OneDrive\;\FileCoAuth.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\netapi32.dll
C:\Windows\System32\svchost.exe
C:\Windows\System32\msvcp110_win.dll
C:\Windows\System32\svchost.exe
C:\Windows\System32\dsreg.dll
C:\Windows\System32\svchost.exe
C:\Windows\System32\perfctrs.dll
C:\Windows\System32\svchost.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\dwm.exe
C:\Windows\System32\csrss.exe
Google\Chrome\Application\chrome.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
C:\Program Files;\Common Files\Adobe\AdobeGCClient\AGMService.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
C:\Program Files\Adobe\Adobe Photoshop 2021\Photoshop.exe
C:\Program Files\Autodesk\Autodesk Desktop App
C:\Program Files (x86)\Autodesk\Autodesk Desktop App
C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe
C:\Windows\system32\cscript.exe
C:\WindowsAzure\GuestAgent_;CollectGuestLogs.exe
C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe
C:\Windows\CarbonBlack\cb.exe
software_reporter_tool.exe
software_reporter_tool.exe
0x1410
software_reporter_tool.exe
chrome.exe
0x1410
software_reporter_tool.exe
0x1410
C:\Program Files\Cisco\AMP\;sfc.exe
C:\Users\;\AppData\Local\Citrix\ICA Client\receiver\Receiver.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\Program Files\Couchbase\Server\bin\sigar_port.exe
C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\;\OpenHandleCollector.exe
C:\Program Files\Elastic\Agent\data\;\metricbeat.exe
C:\Program Files;\FireEye\xagt\xagt.exe
C:\Program Files (x86)\Ivanti\Workspace Control\cpushld.exe
C:\Program Files (x86)\RES Software\Workspace Manager\cpushld.exe
C:\Program Files\Ivanti\Workspace Control\cpushld.exe
C:\Program Files\RES Software\Workspace Manager\cpushld.exe
wmiprvse.exe
GoogleUpdate.exe
LTSVC.exe
taskmgr.exe
VBoxService.exe
vmtoolsd.exe
\Citrix\System32\wfshell.exe
C:\Windows\System32\lsm.exe
Microsoft.Identity.AadConnect.Health.AadSync.Host.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection
0x1000
0x1400
0x101400
0x101000
C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
C:\Users\;\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
C:\Users\;\AppData\Local\Microsoft\Teams\current\Teams.exe
C:\Users\;\AppData\Local\Microsoft\Teams\current\Teams.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\ProgramData\Microsoft\Windows Defender\Platform\;\MsMpEng.exe
C:\Program Files (x86)\Mobatek\MobaXterm\MobaXterm.exe
C:\Program Files\Palo Alto Networks\Traps\cyserver.exe
C:\Program Files\Qualys\QualysAgent\QualysAgent.exe
C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
C:\WINDOWS\CCM\CcmExec.exe
C:\Program Files\Splunk\bin\splunkd.exe
C:\Program Files\Microsoft VS Code\Code.exe
C:\Program Files\Microsoft VS Code\Code.exe
0x100000
C:\Program Files\Microsoft VS Code\Code.exe
C:\Program Files\Microsoft VS Code\Code.exe
0x1401
C:\Users\;\AppData\Local\Programs\Microsoft VS Code\Code.exe
C:\Users\;\AppData\Local\Programs\Microsoft VS Code\Code.exe
0x1401
C:\Program Files (x86)\VMware\VMWare Player\vmware-authd.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\WinZip\FAHWindow64.exe
C:\Program Files (x86)\Dell\CommandUpdate\InvColPC.exe
C:\Program Files\Elastic\Endpoint\elastic-endpoint.exe
C:\Program Files\Elastic\Endpoint\state\last-document-id.json
C:\Program Files\Elastic\Agent\data\
C:\Program Files\Elastic\Agent\data\;.ndjson
C:\Windows\system32\igfxCUIService.exe
C:\Program Files (x86)\Ivanti\Workspace Control\pfwsmgr.exe
C:\Program Files (x86)\RES Software\Workspace Manager\pfwsmgr.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
C:\Windows\Prefetch;.pf
C:\Windows\System32\smss.exe
C:\Windows\system32\CompatTelRunner.exe
C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\DriverStore\Temp\
C:\Windows\System32\wbem\Performance\
WRITABLE.TST
\AppData\Roaming\Microsoft\Windows\Recent\
C:\$WINDOWS.~BT\Sources\SafeOS\SafeOS.Mount\
C:\WINDOWS\winsxs\amd64_microsoft-windows
c:\Program Files\Microsoft Security Client\MsMpEng.exe
Outlook.exe
Roaming\Microsoft\Outlook\Outlook.xml
c:\windows\system32\provtool.exe
C:\Windows\system32\wsmprovhost.exe
C:\Users\;\AppData\Local\Temp;__PSScriptPolicyTest;.ps1
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\Temp;__PSScriptPolicyTest;.ps1
NT AUTHORITY\SYSTEM
C:\WINDOWS\CCM\CcmExec.exe
C:\Windows\CCM
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\FabricTraces
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant
C:\Windows\System32\svchost.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
C:\Windows\System32\svchost.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseposture.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Program Files\Cylance\Optics\CyOptics.exe
C:\Program Files\Cylance\Desktop\CylanceSvc.exe
svchost.exe
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters
svchost.exe
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
Toolbar\WebBrowser
Toolbar\WebBrowser\ITBar7Height
Toolbar\ShellBrowser\ITBar7Layout
Internet Explorer\Toolbar\Locked
ShellBrowser
C:\Program Files (x86)\Ivanti\Workspace Control\pfwsmgr.exe
C:\Program Files\RES Software\Workspace Manager\pfwsmgr.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security
C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe
C:\Program Files\McAfee\Endpoint Security\Adaptive Threat Protection\mfeatp.exe
C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
C:\Program Files\Common Files\McAfee\Engine\AMCoreUpdater\amupdate.exe
C:\Program Files\McAfee\Agent\masvc.exe
C:\Program Files\McAfee\Agent\x86\mfemactl.exe
C:\Program Files\McAfee\Agent\x86\McScript_InUse.exe
C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeensppl.exe
C:\Program Files\Common Files\McAfee\Engine\scanners
C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe
C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe
C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe
HKLM\System\CurrentControlSet\Services\HealthService\Parameters\Management Groups
\{CAFEEFAC-
CreateKey
HKLM\COMPONENTS
C:\Program Files\ownCloud\owncloud.exe
C:\Program Files (x86)\ownCloud\owncloud.exe
svchost.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks
C:\Program Files\SentinelOne\Sentinel Agent
System
C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
C:\Program Files (x86)\Webroot\WRSA.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditPolicy
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit
\OpenWithProgids
\OpenWithList
\UserChoice
\UserChoice\ProgId
\UserChoice\Hash
\OpenWithList\MRUList
} 0xFFFF
Office\root\integration\integrator.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe
\CurrentVersion\App Paths
\CurrentVersion\Image File Execution Options
\CurrentVersion\Shell Extensions\Cached
\CurrentVersion\Shell Extensions\Approved
}\PreviousPolicyAreas
\Control\WMI\Autologger\
HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc\Start
\Lsa\OfflineJoin\CurrentValue
\Components\TrustedInstaller\Events
\Components\TrustedInstaller
\Components\Wlansvc
\Components\Wlansvc\Events
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\
\Directory\shellex
\Directory\shellex\DragDropHandlers
\Drive\shellex
\Drive\shellex\DragDropHandlers
_Classes\AppX
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\
SOFTWARE;\Microsoft\EnterpriseCertificates\Disallowed
SOFTWARE;\Microsoft\SystemCertificates\Disallowed
Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\$WINDOWS.~BT\
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
C:\Windows\system32\lsass.exe
HKLM\System\CurrentControlSet\Services
SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization
C:\Windows\System32\svchost.exe
HKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTime
HKLM\System\CurrentControlSet\Services\SmsRouter\State\Registration\Ids
\services\clr_optimization_v2.0.50727_32\Start
\services\clr_optimization_v2.0.50727_64\Start
\services\clr_optimization_v4.0.30319_32\Start
\services\clr_optimization_v4.0.30319_64\Start
\services\DeviceAssociationService\Start
\services\BITS\Start
\services\TrustedInstaller\Start
\services\tunnel\Start
\services\UsoSvc\Start
C:\Program Files;\Common Files\Adobe\ARM\1.0\AdobeARM.exe
\32B6B37A-4A7D-4e00-95F2-
thsnYaVieBoda
C:\Program Files;\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
\com.adobe.reader.rna.;\mojo
C:\Program Files;\Common Files\Adobe\AdobeGCClient\AGMService.exe
\gc_pipe_
C:\Program Files;\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
\uv\
"C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe"
C:\Users\;\AppData\Local\Programs\Call Manager\Call Manager.exe
\crashpad_;\mojo.;\uv\
C:\Program Files;\Citrix\ICA Client\SelfServicePlugin\SelfService.exe
C:\Program Files;\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files;\Citrix\ICA Client\wfcrun32.exe
C:\Program Files;\Citrix\ICA Client\concentr.exe
C:\Users\;\AppData\Local\Citrix\ICA Client\receiver\Receiver.exe
C:\Users\;\AppData\Local\Citrix\ICA Client\SelfServicePlugin\SelfService.exe
C:\Program Files;\FireEye\xagt\xagt.exe
C:\Program Files;\Google\Update\Install\;setup.exe
\crashpad_
C:\Program Files;\Google\Chrome\Application\chrome.exe
\mojo.
C:\Program Files;\Google\Chrome\Application\;\Installer\chrmstp.exe
\crashpad_
\Vivisimo Velocity
C:\Program Files;\Microsoft\Edge\Application\msedge.exe
\LOCAL\mojo.
C:\Program Files;\Microsoft\Edge\Application\msedge.exe
\LOCAL\chrome.sync.
C:\Program Files;\Microsoft\Edge\Application\msedge.exe
\LOCAL\crashpad_
C:\Program Files;\Microsoft Office\root\Office16\OUTLOOK.EXE
\MsFteWds
C:\Users\;\AppData\Local\Microsoft\Teams\current\Teams.exe
\mojo.
C:\Users\;\AppData\Local\Microsoft\Teams\current\Teams.exe
\chrome.sync.
C:\Program Files;\Mozilla Firefox\firefox.exe
\cubeb-pipe-
C:\Program Files;\Mozilla Firefox\firefox.exe
\chrome.
C:\Program Files;\Mozilla Firefox\firefox.exe
\gecko-crash-server-pipe.
\SQLLocal\MSSQLSERVER
\SQLLocal\INSTANCE01
\SQLLocal\SQLEXPRESS
\SQLLocal\COMMVAULT
\SQLLocal\RTCLOCAL
\SQLLocal\RTC
\SQLLocal\TMSM
Program Files (x86)\Microsoft SQL Server\110\DTS\binn\dtexec.exe
PostgreSQL\9.6\bin\postgres.exe
\pgsignal_
Program Files\Qlik\Sense\Engine\Engine.exe
C:\Program Files;\Qualys\QualysAgent\QualysAgent.exe
Program Files\SplunkUniversalForwarder\bin\splunkd.exe
Program Files\SplunkUniversalForwarder\bin\splunk.exe
Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe
Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\CMAgent\OfcCMAgent.exe
Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe
Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe
Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\web\service\verconn.exe
Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\cgiOnClose.exe
Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\WEB_OSCE\WEB\CGI\cgiRqHotFix.exe
Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\LWCS\LWCSService.exe
Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\WSS\iCRCService.exe
Program Files\Trend\SPROTECT\x64\tsc.exe
Program Files\Trend\SPROTECT\x64\tsc64.exe
Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\web\service\osceintegrationservice.exe
Program Files (x86)\Trend Micro\OfficeScan\PCCSRV\web\service\OfcLogReceiverSvc.exe
\Trend Micro OSCE Command Handler Manager
\Trend Micro OSCE Command Handler2 Manager
\Trend Micro Endpoint Encryption ToolBox Command Handler Manager
\OfcServerNamePipe
\ntapvsrq
\srvsvc
\wkssvc
\lsass
\winreg
\spoolss
Anonymous Pipe
c:\windows\system32\inetsrv\w3wp.exe
.1rx.io
.2mdn.net
.adadvisor.net
.adap.tv
.addthis.com
.adform.net
.adnxs.com
.adroll.com
.adrta.com
.adsafeprotected.com
.adsrvr.org
.advertising.com
.amazon-adsystem.com
.amazon-adsystem.com
.analytics.yahoo.com
.aol.com
.betrad.com
.bidswitch.net
.casalemedia.com
.chartbeat.net
.cnn.com
.convertro.com
.criteo.com
.criteo.net
.crwdcntrl.net
.demdex.net
.domdex.com
.dotomi.com
.doubleclick.net
.doubleverify.com
.emxdgt.com
.exelator.com
.google-analytics.com
.googleadservices.com
.googlesyndication.com
.googletagmanager.com
.googlevideo.com
.gstatic.com
.gvt1.com
.gvt2.com
.ib-ibi.com
.jivox.com
.mathtag.com
.moatads.com
.moatpixel.com
.mookie1.com
.myvisualiq.net
.netmng.com
.nexac.com
.openx.net
.optimizely.com
.outbrain.com
.pardot.com
.phx.gbl
.pinterest.com
.pubmatic.com
.quantcount.com
.quantserve.com
.revsci.net
.rfihub.net
.rlcdn.com
.rubiconproject.com
.scdn.co
.scorecardresearch.com
.serving-sys.com
.sharethrough.com
.simpli.fi
.sitescout.com
.smartadserver.com
.snapads.com
.spotxchange.com
.taboola.com
.taboola.map.fastly.net
.tapad.com
.tidaltv.com
.trafficmanager.net
.tremorhub.com
.tribalfusion.com
.turn.com
.twimg.com
.tynt.com
.w55c.net
.ytimg.com
.zorosrv.com
1rx.io
adservice.google.com
ampcid.google.com
clientservices.googleapis.com
googleadapis.l.google.com
imasdk.googleapis.com
l.google.com
ml314.com
mtalk.google.com
update.googleapis.com
www.googletagservices.com
.mozaws.net
.mozilla.com
.mozilla.net
.mozilla.org
clients1.google.com
clients2.google.com
clients3.google.com
clients4.google.com
clients5.google.com
clients6.google.com
safebrowsing.googleapis.com
.akadns.net
.netflix.com
.aspnetcdn.com
ajax.googleapis.com
cdnjs.cloudflare.com
fonts.googleapis.com
.typekit.net
cdnjs.cloudflare.com
.stackassets.com
.steamcontent.com
.arpa.
.arpa
.msftncsi.com
.localmachine
localhost
C:\ProgramData\LogiShrd\LogiOptions\Software\Current\updater.exe
.logitech.com
C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
-pushp.svc.ms
.b-msedge.net
.bing.com
.hotmail.com
.live.com
.live.net
.s-microsoft.com
.microsoft.com
.microsoftonline.com
.microsoftstore.com
.ms-acdc.office.com
.msedge.net
.msn.com
.msocdn.com
.skype.com
.skype.net
.windows.com
.windows.net.nsatc.net
.windowsupdate.com
.xboxlive.com
login.windows.net
outlook.office.com
statics.teams.cdn.office.net
acdc-direct.office.com
.fp.measure.office.com
office365.com
.activedirectory.windowsazure.com
.aria.microsoft.com
.msauth.net
.msftauth.net
.opinsights.azure.com
management.azure.com
outlook.office365.com
portal.azure.com
substrate.office.com
osi.office.net
.digicert.com
.globalsign.com
.globalsign.net
msocsp.com
ocsp.msocsp.com
pki.goog
.pki.goog
ocsp.godaddy.com
amazontrust.com
.amazontrust.com
ocsp.sectigo.com
pki-goog.l.google.com
.usertrust.com
ocsp.comodoca.com
ocsp.verisign.com
ocsp.entrust.net
ocsp.identrust.com
status.rapidssl.com
status.thawte.com
ocsp.int-x3.letsencrypt.org
subca.ocsp-certum.com
cscasha2.ocsp-certum.com
crl.verisign.com
C:\Program Files\SentinelOne\Sentinel Agent;\SentinelAgent.exe
.spotify.com
.spotify.map.fastly.net
C:\Windows\SystemApps\Microsoft.Windows.Search;SearchApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\updater.exe
C:\Program Files\Mozilla Firefox\default-browser-agent.exe
C:\Program Files\Mozilla Firefox\pingsender.exe
C:\Program Files\Git\cmd\git.exe
C:\Program Files\Git\mingw64\bin\git.exe
C:\Program Files\Git\mingw64\libexec\git-core\git.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
C:\Program Files (x86)\Microsoft\Edge\Application\
\BHO\ie_to_edge_stub.exe
C:\Program Files (x86)\Microsoft\Edge\Application\
\identity_helper.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\
\MicrosoftEdge_X64_
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\XDelta64\xdelta3.exe
unknown process
C:\Program Files\Microsoft VS Code\Code.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\WindowsAzure\GuestAgent;\WindowsAzureGuestAgent.exe
C:\Packages\Plugins\Microsoft.Azure.Monitor.AzureMonitorWindowsAgent\;\AMAExtHealthMonitor.exe
C:\WindowsAzure\Logs\AggregateStatus\aggregatestatus
\appdata\local\google\chrome\user data\swreporter\;software_reporter_tool.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Prefetch;.pf
NETWORK SERVICE; LOCAL SERVICE