Hide Navigation Hide TOC Renamed Vmnat.exe Execution (7b4f794b-590a-4ad4-ba18-7964a2832205) Detects renamed vmnat.exe or portable version that can be used for DLL side-loading Cluster A Galaxy A Cluster B Galaxy B Level DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Renamed Vmnat.exe Execution (7b4f794b-590a-4ad4-ba18-7964a2832205) Sigma-Rules 1 Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2