General process parameters (API)

This section describes the general process parameters that make up the Props section structure.

The list may be incomplete, as it may change when the databases (bases) are updated.

Props section structure

| Parameter | Description |
|---|---|
| Pid | Process ID. |
| Image_path (ImagePath) | Path to the executed file. |
| Command_line | Command line parameters. |
| Source_pid | Process ID of the process that requests the RPC. |
| Source_image_path | Path to the parent executed file of the process that requests the RPC. |
| Source_command_line | Command line parameters of the parent executed file of the process that requests the RPC. |
| Parent_pid | Parent process ID. |
| Parent_image_path | Path to the parent executed file. |
| Parent_command_line | Parent command line parameters. |
| Service_name | Service name. |
| Service_path | File path for services. |
| Registry_key | Windows registry key (for example, HKEY_LOCAL_MACHINE\ELAM\Windows Defender). |
| Registry_value_name | Windows registry value name (for example, Name). |
| Registry_value | Windows registry value (for example, Data). |
| Loaded_image_path | The Image_path parameter of the dropped file that is loaded into the process. |
| Dropper_pid | The Pid parameter of the process that dropped the file. |
| Dropper_image_path | The Image_path parameter of the process that dropped the file. |
| File_path | Path to the file on disk. |
| Target_file_path | Path to the target file on disk. |
| Target_pid | Target process ID. |
| Target_image_path | Path to the target executed file. |
| Target_Command_line | Command line of the target process. |
| URL | Destination web address. |
| Source_ip | Source IP address. |
| Source_port | Source port number. |
| Destination_ip | Destination IP address; may include the port number. |
| Destination_port | Destination port number. |
| Protocol | Network protocol. |
| String | String extracted from the memory of the executed process. |
| Pipe | Name of the pipe. |
| Privilege_name | Privilege name. |
| Timeout | Duration of sleep mode. |
