https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_speechruntime_child_process/
Suspicious Speech Runtime Binary Child Process | Detection.FYI
Detects suspicious Speech Runtime Binary Execution by monitoring its child processes. Child processes spawned by SpeechRuntime.exe could indicate an attempt...
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_mshta_susp_child_processes/
Suspicious MSHTA Child Process | Detection.FYI
Detects a suspicious process spawning from an
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_office_outlook_susp_child_processes/
Suspicious Outlook Child Process | Detection.FYI
Detects a suspicious process spawning from an Outlook process.
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_sigverif_uncommon_child_process/
Uncommon Sigverif.EXE Child Process | Detection.FYI
Detects uncommon child processes spawning from
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_wscript_cscript_susp_child_processes/
Cscript/Wscript Potentially Suspicious Child Process | Detection.FYI
Detects potentially suspicious child processes of Wscript/Cscript. These include processes such as rundll32 with uncommon exports or PowerShell spawning …
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_wlrmdr_uncommon_child_process/
Wlrmdr.EXE Uncommon Argument Or Child Process | Detection.FYI
Detects the execution of
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_appvlp_uncommon_child_process/
Uncommon Child Process Of Appvlp.EXE | Detection.FYI
Detects uncommon child processes of Appvlp.EXE. Appvlp, or the Application Virtualization Utility, is included with Microsoft Office. Attackers are able to abuse …
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_regsvr32_susp_child_process/
Potentially Suspicious Child Process Of Regsvr32 | Detection.FYI
Detects potentially suspicious child processes of