I'm trying to trace an application/file that is calling out to a domain (URL). I ran Process Monitor & Wireshark to find SVCHost.exe is responsible.
However, I'm unable to locate which file requested svchost.exe to connect over UDP.
SVC command line shows as follows:
C:\Windows\System32\svchost.exe -k NetworkService
The image path also points to the following directory.
C:\Windows\System32\svchost.exe
How do I find the exact file that is behind all this?