Jump to content

tlightning

Members
  • Posts

    1
  • Joined

  • Last visited

Everything posted by tlightning

  1. I was analysing a machine which I find out a malicious or at least unusul activity. There is a powershell.exe process which is parnet of a conhost.exe process. In the further analysis, I find out this conhost.exe process was parent of csrss and wininit processes. So I wanted to know, this activity can be malicious? if yes, how can I find out more information about these process? I have a memory dump from that machine and also volatility tool for analysis.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.