T1055.002
| Title | Tags |
|---|---|
| False positives may be present based on SourceImage paths. If removing the paths is important, realize svchost and many native binaries inject into notepad consistently. Restrict or tune as needed. | t1055, T1055.002, endpoint, splunk |
| Some security products or third-party applications may utilize CreateRemoteThread; filter as needed before enabling as a notable. | t1055, T1055.002, endpoint, splunk |