VHD Image Download Via Browser (8468111a-ef07-4654-903b-b863a80bbc95)

Detects creation of ".vhd"/".vhdx" files by browser processes. Malware can use mountable Virtual Hard Disk ".vhd" files to encapsulate payloads and evade security controls.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
VHD Image Download Via Browser (8468111a-ef07-4654-903b-b863a80bbc95)	Sigma-Rules	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	1
Develop Capabilities - T1587 (edadea33-549c-4ed1-9783-8f5a5853cbdf)	Attack Pattern	Malware - T1587.001 (212306d8-efa4-44c9-8c2d-ed3d2e224aa0)	Attack Pattern	2