select * from file where path in ('/usr/sbin/mech', '/usr/sbin/kswapd');

select * from launchd where name like 'com.ab.kl%.plist';

select * from file where path in ('/usr/share/.aPa');

select * from registry where key like 'HKEY_LOCAL_MACHINE\SOFTWARE\%Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%\DisableExceptionChainValidation'

select * from registry where key like 'HKEY_LOCAL_MACHINE\SOFTWARE\%Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%\executeOptions'

select * from registry where key like 'HKEY_LOCAL_MACHINE\SOFTWARE\%Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%\MitigationOptions'

select * from app_schemes;

select * from registry where key='HKEY_LOCAL_MACHINE\SOFTWARE\%Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'

select * from apt_sources;

select * from file where path in ('/dev/ptyxx');