Hi guys,
Been stuck on this question for hours… could not find the answer, and due to lack of experience dealing with Sysmon I didn't realize that every time I tried to open the DLLHijacking event log file I was actually opening the live logs on the computer… so make sure you select the actual file from the Saved Logs at the bottom of the left tab and then, following some of the suggestions from above, you will find the answer.
How can I get the answer to this question?
By examining the logs located in the “C:\Logs\PowershellExec” directory, determine the process that injected into the process that executed unmanaged PowerShell code. Enter the process name as your answer. Answer format: _.exe
I believe that is svchost.exe, but it doesn’t work
I already have the name of the process that executed unmanaged PowerShell code, but can't answer this question.
Please help me
That’s a great tip!