mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00

Update detecting_ph_process.md

This commit is contained in:
mether049 2020-03-01 03:43:34 +09:00 committed by GitHub
parent babf0fe8ba
commit 7538cc3398
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -139,7 +139,7 @@ PS> eqllib query -f my-sysmon-data.json --source "Microsoft Sysmon" $eql | Conv
``` ```
eqllib query -f my-sysmon-data.json --source "Microsoft Sysmon" "process where pid=7356" eqllib query -f my-sysmon-data.json --source "Microsoft Sysmon" "process where pid=7356"
``` ```
![](https://github.com/mether049/malware/blob/master/Trickbot/img/Identification%20of%20Hollowed%20out%20processes/eql1.PNG) ![](https://github.com/mether049/malware/blob/master/Trickbot/img/Identification%20of%20Hollowed%20out%20processes/eql2.PNG?raw=true)
``` ```
eqllib query -f my-sysmon-data.json --source "Microsoft Sysmon" "process where pid=11228" eqllib query -f my-sysmon-data.json --source "Microsoft Sysmon" "process where pid=11228"
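Review bot: the commit message "Update detecting_ph_process.md" does not describe the change; in this hunk the screenshot link is switched from `eql1.PNG` to `eql2.PNG` and `?raw=true` is appended to the `github.com/.../blob/...` URL, which makes GitHub return the image file rather than the HTML viewer page so the Markdown image actually renders. Consider stating the filename swap in the commit message (it is a content change, not only a rendering fix) and applying `?raw=true` to any other `blob` image links in the same file so they render consistently.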