Sysmon - Network Connection - What triggered Rundll32.exe RRS feed

  • Question

  • Hi, I've got Sysmon enabled with network connections and I see rundll32.exe making an outbound connection. I'm trying to figure out what initiated this call to rundll32.exe from the logs. Any way via logging that we can detect what triggered this?

    Doug S

    Monday, November 5, 2018 9:09 PM