drop a file listing or MFT CSV and process execution data · identify cases where a DLL was loaded from an unexpected path · detect sideloading and search order hijacking · correlate with execution artifacts · runs locally
heuristic screener · vendor schema varies · not definitive proof
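
A minimal sketch of the screening heuristic described above, added here as an illustration and not taken from the tool itself. The column names (`path`, `exe_path`, `run_count`), the small DLL baseline and the sample rows are all assumptions constructed for the example.

```python
import csv
import io
from pathlib import PureWindowsPath

# Assumed baseline: DLL names that normally load from System32/SysWOW64.
SYSTEM_DLLS = {"version.dll", "dbghelp.dll", "wininet.dll"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample data; column names are assumptions (vendor schemas vary).
FILE_LISTING = """path
C:\\Windows\\System32\\version.dll
C:\\Users\\amy\\AppData\\Local\\Updater\\version.dll
C:\\Users\\amy\\AppData\\Local\\Updater\\updater.exe
C:\\Program Files\\Tool\\dbghelp.dll
C:\\Program Files\\Tool\\helper.dll
"""
EXECUTIONS = """exe_path,run_count
C:\\Users\\amy\\AppData\\Local\\Updater\\updater.exe,3
C:\\Windows\\System32\\notepad.exe,12
"""

def _dir(p):
    """Lower-cased parent directory, for case-insensitive Windows comparison."""
    return str(PureWindowsPath(p).parent).lower()

def screen(file_csv, exec_csv):
    """Return findings for system-named DLLs sitting outside system directories."""
    # Index executed binaries by directory so DLL hits can be correlated.
    executed = {}
    for row in csv.DictReader(io.StringIO(exec_csv)):
        executed.setdefault(_dir(row["exe_path"]), []).append(row["exe_path"])
    findings = []
    for row in csv.DictReader(io.StringIO(file_csv)):
        p = PureWindowsPath(row["path"])
        if p.name.lower() not in SYSTEM_DLLS or _dir(p) in SYSTEM_DIRS:
            continue
        # A host executable that ran from the same directory raises priority.
        hosts = executed.get(_dir(p), [])
        findings.append({"dll": str(p), "executed_alongside": hosts,
                         "priority": "high" if hosts else "low"})
    return findings

if __name__ == "__main__":
    for finding in screen(FILE_LISTING, EXECUTIONS):
        print(finding)
```

A low-priority hit such as an application shipping its own `dbghelp.dll` is common and benign, which is why the output is a list to review and not a verdict.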