Aggregated Events

This information can be found here:

File modifications—How many file modifications were made by this process. By clicking the path, you are redirected to the Events view

Registry modifications—How many registry modifications were made by this process. By clicking the path, you are redirected to the Events view

Network modifications—How many network connections were made by this process. By clicking the path, you are redirected to the Events view

URL connections—Number of URLs to which the process connected. By clicking the path, you are redirected to the Events view

Dropped Executables—List of executables dropped by this process. When you click the name of the executable in the left column, you are redirected to Executable details. By clicking the path, you are redirected to the Events view

 

To include child process events as well, click Show Sub-Process Events.

The Argument field works as an additional filter. In it you can specify, for example, the file path for file modifications, the registry key for registry modifications, and so on.

If there are too many results, only part of them is loaded.

Click the LOAD MORE button to load more events, or click the LOAD ALL button to load all events. Be aware that loading all results at once can take a long time.

The process tree on the right side—The process tree reflects the parent-child relationship between processes: child processes are shown directly beneath their parent and indented to the right. Processes shown at the left edge are orphans whose parent has exited.