python-ransomware.wiki
Use a honeypot (canary) file to detect ransomware while it is still running, and dump the encrypting process's memory in the hope that the encryption key can be recovered from the dump. Packaged as an installer with Inno Setup.

= Pipeline =
Honeypot file written by the encryptor -> Sysmon FileCreate rule (Event ID 11) matching the honeypot path -> Task Scheduler event trigger on that event (trigger XML extended with ValueQueries so the event's ProcessId is passed as an argument to the action) -> Python script dumps the process with that pid

Caveat: Sysmon has no generic "file modified" event. An in-place overwrite of the honeypot file is only visible when the encryptor creates a new file (Event ID 11, e.g. the renamed/encrypted copy) or deletes the original (Event ID 23/26), so the rule set must cover the create and delete paths, not just "modified".

= Tasks =
The scheduled task is currently triggered by every Sysmon Event ID 11 (FileCreate); it needs to fire only on the honeypot rule
	* add a name attribute to the Sysmon rule (Sysmon reports it in the event's RuleName field), then filter in Python so only events carrying that RuleName trigger a dump
Package the installer with Inno Setup (.iss script)
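The dump side of the pipeline, as an added example that is not the wiki's own code. It assumes the Sysmon FileCreate rule carries `name="honeypot_hit"` (Sysmon then reports that string in the event's RuleName field), that the task's EventTrigger has a ValueQueries block mapping `Event/EventData/Data[@Name='ProcessId']` and `Event/EventData/Data[@Name='RuleName']` to `$(ProcessId)` and `$(RuleName)`, which the action passes as `--pid` and `--rule`, and that dumps go to `C:\honeypot_dumps`; the rule name, directory and argument names are assumptions, and the sample event is constructed test data. The script filters on RuleName before doing anything, suspends the process (so it cannot finish, exit and drop its key while the dump is written) and then writes a full memory dump with dbghelp's MiniDumpWriteDump via ctypes; the event parser is for the case where the script reads the record XML itself rather than receiving the fields as arguments.

```python
"""Honeypot-hit responder run by Task Scheduler: filter on RuleName, then suspend and dump the pid.

Added example, not the wiki's code. Assumed: Sysmon rule name "honeypot_hit", Task Scheduler
passes $(ProcessId)/$(RuleName) as --pid/--rule, dumps are written under C:\\honeypot_dumps.
"""
import argparse
import ctypes
import platform
import sys
import time
import xml.etree.ElementTree as ET

HONEYPOT_RULE = "honeypot_hit"          # assumed: name attribute on the Sysmon FileCreate rule
DUMP_DIR = r"C:\honeypot_dumps"         # assumed output directory
EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def parse_sysmon_event(xml_text):
    """Flatten a Sysmon record (wevtutil / Get-WinEvent XML) into {field: value} plus EventID."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "") for d in root.findall("./e:EventData/e:Data", EVT_NS)}
    eid = root.find("./e:System/e:EventID", EVT_NS)
    fields["EventID"] = int(eid.text) if eid is not None and eid.text else -1
    return fields


def is_honeypot_hit(event_id, rule_name, wanted=HONEYPOT_RULE):
    """True only for Event ID 11 (FileCreate) tagged with the honeypot rule.

    Sysmon writes "-" when no rule name applies and joins several names with commas."""
    if int(event_id) != 11:
        return False
    return wanted in {n.strip() for n in str(rule_name).split(",")}


def dump_process(pid, out_path):
    """Suspend pid and write a full memory dump with dbghelp!MiniDumpWriteDump (Windows only).

    The process is left suspended on purpose: resuming an encryptor is never what you want."""
    if platform.system() != "Windows":
        raise RuntimeError("needs kernel32/ntdll/dbghelp; Windows only")
    PROCESS_ALL_ACCESS = 0x1F0FFF
    GENERIC_WRITE, CREATE_ALWAYS = 0x40000000, 2
    MINIDUMP_WITH_FULL_MEMORY = 0x00000002
    INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value
    k32, ntdll, dbghelp = ctypes.windll.kernel32, ctypes.windll.ntdll, ctypes.windll.dbghelp
    # HANDLEs are pointer-sized; declare restype/argtypes so nothing is truncated on x64
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.CreateFileW.restype = ctypes.c_void_p
    k32.CreateFileW.argtypes = [ctypes.c_wchar_p, ctypes.c_uint32, ctypes.c_uint32, ctypes.c_void_p,
                                ctypes.c_uint32, ctypes.c_uint32, ctypes.c_void_p]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    ntdll.NtSuspendProcess.argtypes = [ctypes.c_void_p]      # undocumented but long-stable export
    dbghelp.MiniDumpWriteDump.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.c_void_p,
                                          ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
    hproc = k32.OpenProcess(PROCESS_ALL_ACCESS, 0, pid)
    if not hproc:
        return False                                        # gone already, or not enough privilege
    ntdll.NtSuspendProcess(hproc)
    hfile = k32.CreateFileW(out_path, GENERIC_WRITE, 0, None, CREATE_ALWAYS, 0, None)
    ok = False
    if hfile != INVALID_HANDLE_VALUE:
        ok = bool(dbghelp.MiniDumpWriteDump(hproc, pid, hfile, MINIDUMP_WITH_FULL_MEMORY,
                                            None, None, None))
        k32.CloseHandle(hfile)
    k32.CloseHandle(hproc)
    return ok


def sample_event(event_id=11, rule_name=HONEYPOT_RULE, pid=4242,
                 target=r"C:\honeypot\invoice.docx.locked"):
    """Constructed Sysmon record in wevtutil XML shape (test data, not a real capture)."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>{event_id}</EventID></System>
  <EventData>
    <Data Name="RuleName">{rule_name}</Data>
    <Data Name="ProcessId">{pid}</Data>
    <Data Name="Image">C:\\Users\\victim\\AppData\\Local\\Temp\\crypt.exe</Data>
    <Data Name="TargetFilename">{target}</Data>
  </EventData>
</Event>"""


def main(argv=None):
    ap = argparse.ArgumentParser(description="Honeypot-hit responder (invoked by Task Scheduler)")
    ap.add_argument("--pid", type=int, required=True, help="$(ProcessId) from the Sysmon event")
    ap.add_argument("--rule", default="-", help="$(RuleName) from the Sysmon event")
    ap.add_argument("--event-id", type=int, default=11, help="Sysmon Event ID (11 = FileCreate)")
    args = ap.parse_args(argv)
    if not is_honeypot_hit(args.event_id, args.rule):
        return 0                                            # some other FileCreate: ignore quietly
    out = rf"{DUMP_DIR}\pid{args.pid}_{int(time.time())}.dmp"
    return 0 if dump_process(args.pid, out) else 1


if __name__ == "__main__":
    sys.exit(main())
```

The task must run as SYSTEM (or at least with SeDebugPrivilege) for OpenProcess with PROCESS_ALL_ACCESS to succeed against an arbitrary process, and a full-memory dump can be large, so the dump directory should be excluded from the honeypot rule's path or the dump itself will re-trigger the task.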