or ((match(process, "\.exe(\x22)?\s+tunnel\s?$") and like(process, "%--name %") ...
a C2 channel, accounting for instances where the binary has been renamed.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback