I tried to analyzes the attack data of sysmon, and finded we8105desk.waynecorpinc.local has affected. Under AppData folder one osk.exe file is running is malware and finded who created by following EventID1 and finded it is fileExplorer.
Please verify my finding are right or not.
I tried to analyzes the attack data of sysmon, and finded we8105desk.waynecorpinc.local has affected. Under AppData folder one osk.exe file is running is malware and finded who created by following EventID1 and finded it is fileExplorer.
Please verify my finding are right or not.