Potential Provlaunch.EXE Binary Proxy Execution Abuse (7f5d1c9a-3e83-48df-95a7-2b98aae6c13c)
Detects child processes of "provlaunch.exe" which might indicate potential abuse to proxy execution.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Potential Provlaunch.EXE Binary Proxy Execution Abuse (7f5d1c9a-3e83-48df-95a7-2b98aae6c13c) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |