Sysmon Discovery Via Default Driver Altitude Using Findstr.EXE (37db85d1-b089-490a-a59a-c7b6f984f480)

Detects usage of "findstr" with the argument "385201", which could indicate discovery of an installed Sysinternals Sysmon service via its default driver altitude (the check still works when the service and driver names have been changed, because the altitude value is left at the default).
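The detection described above, applied to constructed Sysmon Event ID 1 (process-creation) events, as an added example that is neither the rule's YAML nor code from the Sigma or MISP projects. The sample events, the OriginalFileName fallback for a renamed findstr binary, and the technique label printed with each hit are assumptions made here; the page only states that the rule looks for findstr with the argument 385201.

```python
# Added example: Sigma-style matching of "findstr ... 385201" over constructed
# process-creation events. Field names follow Sysmon's Image / CommandLine /
# OriginalFileName / ParentImage; none of the events below is real telemetry.
from dataclasses import dataclass
from typing import Iterable, List

# Default minifilter altitude of the Sysmon driver; the literal the rule looks for.
SYSMON_DEFAULT_ALTITUDE = "385201"

# ATT&CK mapping given on this page (Security Software Discovery).
ATTACK_TECHNIQUE = "T1518.001"


@dataclass(frozen=True)
class ProcessEvent:
    image: str                    # Sysmon "Image": full path of the created process
    command_line: str             # Sysmon "CommandLine"
    original_file_name: str = ""  # Sysmon "OriginalFileName" from the PE version info
    parent_image: str = ""        # Sysmon "ParentImage", kept for analyst context only


def is_findstr(ev: ProcessEvent) -> bool:
    """Image|endswith '\\findstr.exe', compared case-insensitively as Sigma does.

    Assumption beyond the page text: also accept OriginalFileName == 'FINDSTR.EXE'
    so that a copied or renamed findstr binary is still caught.
    """
    return (ev.image.lower().endswith("\\findstr.exe")
            or ev.original_file_name.upper() == "FINDSTR.EXE")


def matches_rule(ev: ProcessEvent) -> bool:
    """CommandLine|contains '385201' AND the process is findstr."""
    return is_findstr(ev) and SYSMON_DEFAULT_ALTITUDE in ev.command_line


def scan(events: Iterable[ProcessEvent]) -> List[ProcessEvent]:
    """Return the events that trigger the rule, in input order."""
    return [ev for ev in events if matches_rule(ev)]


# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    # 1: classic "fltMC.exe | findstr 385201" check from cmd.exe -> hit
    ProcessEvent(
        image=r"C:\Windows\System32\findstr.exe",
        command_line="findstr  385201",
        original_file_name="FINDSTR.EXE",
        parent_image=r"C:\Windows\System32\cmd.exe",
    ),
    # 2: case-insensitive search with the value quoted -> hit
    ProcessEvent(
        image=r"C:\Windows\System32\findstr.exe",
        command_line='findstr /i "385201"',
        original_file_name="FINDSTR.EXE",
        parent_image=r"C:\Windows\System32\cmd.exe",
    ),
    # 3: renamed copy of findstr; Image no longer ends with findstr.exe,
    #    caught only through the OriginalFileName fallback (assumption) -> hit
    ProcessEvent(
        image=r"C:\Users\Public\fs.exe",
        command_line="fs.exe 385201",
        original_file_name="FINDSTR.EXE",
        parent_image=r"C:\Windows\System32\cmd.exe",
    ),
    # 4: findstr hunting for the service by name; outside this rule's scope -> miss
    ProcessEvent(
        image=r"C:\Windows\System32\findstr.exe",
        command_line='findstr /i "sysmon"',
        original_file_name="FINDSTR.EXE",
    ),
    # 5: same altitude value, but searched with PowerShell instead of findstr -> miss
    ProcessEvent(
        image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        command_line='powershell.exe -c "fltmc | Select-String 385201"',
        original_file_name="PowerShell.EXE",
    ),
]


if __name__ == "__main__":
    for ev in scan(SAMPLE_EVENTS):
        print(f"[{ATTACK_TECHNIQUE}] Sysmon discovery via findstr: {ev.command_line!r} "
              f"(parent: {ev.parent_image or 'unknown'})")
```

Events 4 and 5 show the rule's boundary: it fires only when the literal altitude is passed to findstr, so a search by service name or the same value grepped with PowerShell's Select-String needs a separate detection. Administrators verifying a Sysmon deployment with the same one-liner will also trigger it, so the parent process and user are worth keeping for triage.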

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | Sysmon Discovery Via Default Driver Altitude Using Findstr.EXE (37db85d1-b089-490a-a59a-c7b6f984f480) | Sigma-Rules | 1
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) | Attack Pattern | Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) | Attack Pattern | 2