Suspicious Registry Modification From ADS Via Regini.EXE (77946e79-97f1-45a2-84b4-f37b5c0d8682)
Detects the import of an alternate data stream with regini.exe, regini.exe can be used to modify registry keys.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Suspicious Registry Modification From ADS Via Regini.EXE (77946e79-97f1-45a2-84b4-f37b5c0d8682) | Sigma-Rules | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |