Suspicious High IntegrityLevel Conhost Legacy Option (3037d961-21e9-4732-b27a-637bcc7bf539)
The ForceV1 option asks for information directly from kernel space. Conhost connects to the console application. A High IntegrityLevel means the process is running with elevated privileges, such as an Administrator context.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Suspicious High IntegrityLevel Conhost Legacy Option (3037d961-21e9-4732-b27a-637bcc7bf539) | Sigma-Rules | Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) | Attack Pattern | 1 |