drop Sysmon network EVTX CSV Prefetch and registry export · detect proxy tool usage and local SOCKS proxy configuration · identify traffic routing through proxy chains · surface proxy-based anonymization artifacts · runs locally
heuristic screener · vendor schema varies · not definitive proof