Wscript Or Cscript Suspicious Child Process
Process Injection, Create or Modify System Process, Parent PID Spoofing, Access Token Manipulation
Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol
Process Injection
Rename System Utilities, Masquerading
Command and Scripting Interpreter, Component Object Model