https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_conhost_susp_winshell_child_process/
Potentially Suspicious Child Processes Spawned by ConHost | Detection.FYI
Detects suspicious child processes related to Windows Shell utilities spawned by conhost.exe, which could indicate malicious activity using trusted system …
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_regsvr32_susp_child_process/
Potentially Suspicious Child Process Of Regsvr32 | Detection.FYI
Detects potentially suspicious child processes of
https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_wscript_cscript_susp_child_processes/
Cscript/Wscript Potentially Suspicious Child Process | Detection.FYI
Detects potentially suspicious child processes of Wscript/Cscript. These include processes such as rundll32 with uncommon exports or PowerShell spawning …