Table 6 Counting of reading user documents
From: A flexible approach for cyber threat hunting based on kernel audit records
num | proc |
|---|---|
49 | {cmdLine:C:/WINDOWS/Explorer.EXE,cid:5172} |
17 | {cmdLine:“C:/Program Files/Mozilla Firefox/firefox.exe”, cid:9968} |
14 | {cmdLine:“C:/WINDOWS/system32/SearchProtocol-Host.exe”, cid:2560} |
9 | {cmdLine:“C:/ProgramData/Microsoft/Windows Defender/platform/4.12.17007.18022-0/MsMpEng.exe”,cid:3160} |
8 | {cmdLine:“C:/Program Files (x86)/Microsoft Office/Office15/EXCEL.EXE”/dde,cid:4328} |