File Download Via InstallUtil.EXE (75edd216-1939-4c73-8d61-7f3a0d85b5cc)
Detects use of .NET InstallUtil.exe in order to download arbitrary files. The files will be written to "%LOCALAPPDATA%\Microsoft\Windows\INetCache\IE\"
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| File Download Via InstallUtil.EXE (75edd216-1939-4c73-8d61-7f3a0d85b5cc) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |