F021 LOW
Dashlane.exe listening on localhost high port 49784
vol_cmdline, vol_handles, vol_netscan, vol_pstree
Benign / FP, 50 proofs
F029 MEDIUM
RDP connections to multiple internal hosts from compromised system
vol_netscan
Benign / FP, 14 proofs
F035 MEDIUM
Established connections to external IPs (13.89.220.65, 52.16.55.11) with CLOSED state
vol_netscan
Benign / FP, 6 proofs
F042 MEDIUM
Conhost.exe with SeDebugPrivilege and SeImpersonatePrivilege (Privilege Escalation Context)
vol_privileges
Benign / FP, 0 proofs
F050 LOW
Jump List evidence of administrative tool access (Application Access History)
extract_mft_timeline, extract_network_iocs, parse_userassist, run_jlecmd, +1
Benign / FP, 0 proofs