insanitybit/after.query

## after.query

        query
        {

        RootBindingres0 as var(func: has(process_id)) @cascade {
            uid,
            node_key,
            process_name
            process_id

            children  {
                uid,
                node_key,
                process_name
                process_id

            }

        }


        var(func: eq(process_name, "svchost.exe")) @cascade {
            uid,
            node_key,
            process_name
            process_id

            RootBindingres1 as ~children  {
                uid,
                node_key,
                process_name
                process_id

            }

        }


            resCoalesce as var(func: uid(RootBindingres0, RootBindingres1))
            @cascade

            @filter((
	(has(node_key))
)AND(
	(NOT eq(process_name, "services.exe") AND NOT eq(process_name, "smss.exe") AND NOT eq(process_name, "ngentask.exe") AND NOT eq(process_name, "userinit.exe") AND NOT eq(process_name, "GoogleUpdate.exe") AND NOT eq(process_name, "conhost.exe") AND NOT eq(process_name, "MpCmdRun.exe"))
))

            {
                uid,
                process_name,
                node_key,
                process_id,

            children @filter((
	(has(node_key))
)AND(
	(eq(process_name, "svchost.exe"))
)) {
                uid,
                node_key,
                process_name
                process_id

            }

            }


        res(func: uid(resCoalesce) , first: 1000)
        @cascade

        @filter((
	(has(node_key))
)AND(
	(NOT eq(process_name, "services.exe") AND NOT eq(process_name, "smss.exe") AND NOT eq(process_name, "ngentask.exe") AND NOT eq(process_name, "userinit.exe") AND NOT eq(process_name, "GoogleUpdate.exe") AND NOT eq(process_name, "conhost.exe") AND NOT eq(process_name, "MpCmdRun.exe"))
))

        {
            uid,
            ,
            process_name,
            node_key,
            process_id,

            children @filter((
	(has(node_key))
)AND(
	(eq(process_name, "svchost.exe"))
)) {
                uid,
                node_key,
                process_name
                process_id

            }

        }

        }

	query
	{

	RootBindingres0 as var(func: has(process_id)) @cascade {
	uid,
	node_key,
	process_name
	process_id

	children {
	uid,
	node_key,
	process_name
	process_id

	}

	}


	var(func: eq(process_name, "svchost.exe")) @cascade {
	uid,
	node_key,
	process_name
	process_id

	RootBindingres1 as ~children {
	uid,
	node_key,
	process_name
	process_id

	}

	}



	resCoalesce as var(func: uid(RootBindingres0, RootBindingres1))
	@cascade

	@filter((
	(has(node_key))
	)AND(
	(NOT eq(process_name, "services.exe") AND NOT eq(process_name, "smss.exe") AND NOT eq(process_name, "ngentask.exe") AND NOT eq(process_name, "userinit.exe") AND NOT eq(process_name, "GoogleUpdate.exe") AND NOT eq(process_name, "conhost.exe") AND NOT eq(process_name, "MpCmdRun.exe"))
	))

	{
	uid,
	process_name,
	node_key,
	process_id,

	children @filter((
	(has(node_key))
	)AND(
	(eq(process_name, "svchost.exe"))
	)) {
	uid,
	node_key,
	process_name
	process_id

	}

	}


	res(func: uid(resCoalesce) , first: 1000)
	@cascade

	@filter((
	(has(node_key))
	)AND(
	(NOT eq(process_name, "services.exe") AND NOT eq(process_name, "smss.exe") AND NOT eq(process_name, "ngentask.exe") AND NOT eq(process_name, "userinit.exe") AND NOT eq(process_name, "GoogleUpdate.exe") AND NOT eq(process_name, "conhost.exe") AND NOT eq(process_name, "MpCmdRun.exe"))
	))

	{
	uid,
	,
	process_name,
	node_key,
	process_id,

	children @filter((
	(has(node_key))
	)AND(
	(eq(process_name, "svchost.exe"))
	)) {
	uid,
	node_key,
	process_name
	process_id

	}

	}

	}