F034 · Inconclusive · validator: blocked
Conhost.exe with sensitive privileges and null command line
Analyst narrative
Conhost.exe (console host) processes spawned with null command lines and with sensitive privileges (SeDebug, SeImpersonate, SeLoadDriver, SeBackupPrivilege, SeTakeOwnershipPrivilege, SeRestorePrivilege) enabled. Indicates injection or malware-controlled console hosting.
Claims asserted
path: Conhost.exe with null command line and sensitive privileges
Proof chain · 0 facts
Every confirmed claim links by foreign key to the typed fact that validated it, and to the forensic tool that produced that fact. This is one finding_trace() query.
Source tools
vol_cmdline, vol_privileges, vol_pstree