WTFBins?!

What is it with antivirus and weird DNS?

A little wmic enumeration

Nacho dwm

IBM's pcsnp.exe just...what

TFW the vuln scanner runs offensive tools.

Who needs protection? Not LSA!

Nothing to see here

JetBrains queries security tools.

IBM creates WMI false positives

Cisco enumerates your system.

Windows being sus? Inconceivable!

Windows Config Manager CCM.exe runs b64-encoded powershell.

Who doesn't love CScript?

How to look like malware, by RingCentral

Not the Bloodhound you're thinking of.

Named after legitimate Windows binaries, in the wrong location.

A little LSASS, as a treat.

Ivanti does some weird stuff

Yet another PowerShell weirdo.

Not just bad guys run whoami.

McAfee also loves big DNS queries!

Everybody loves a big DNS query!

EaseUS and bizarre Scheduled Tasks.

Avast scans your network on the sly.

SenseNDR base64 encoding

Whoami? HostedAgent, of course!

Random file extensions from iManage

Base64-encoded PowerShell from Azure's own agent!

Guests are not invited to Everyone shares.

How much can an EDR look like malware?

Yet another base64-loving process.

The Nim language installer binaries in certain versions trigger Windows Defender.

Windows uses random high service ports for a variety of functions.

Bizarre sub-processes.

WMIExec-ish NDCC

Adobe Reader for no reason starts a subprocess using the command line "I run".