AppX Package Installation Attempts Via AppInstaller.EXE (7cff77e1-9663-46a3-8260-17f2e1aa9d0a)
Detects DNS queries made by "AppInstaller.EXE". The AppInstaller is the default handler for the "ms-appinstaller" URI. It attempts to load/install a package from the referenced URL
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| AppX Package Installation Attempts Via AppInstaller.EXE (7cff77e1-9663-46a3-8260-17f2e1aa9d0a) | Sigma-Rules | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |