Potential Provisioning Registry Key Abuse For Binary Proxy Execution (2a4b3e61-9d22-4e4a-b60f-6e8f0cde6f25)

Detects potential abuse of the provisioning registry key for indirect command execution through "Provlaunch.exe".

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Potential Provisioning Registry Key Abuse For Binary Proxy Execution (2a4b3e61-9d22-4e4a-b60f-6e8f0cde6f25)	Sigma-Rules	1