Windows Terminal Profile Settings Modification By Uncommon Process (9b64de98-9db3-4033-bd7a-f51430105f00)

Detects the creation or modification of the Windows Terminal Profile settings file "settings.json" by an uncommon process.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3)	Attack Pattern	Windows Terminal Profile Settings Modification By Uncommon Process (9b64de98-9db3-4033-bd7a-f51430105f00)	Sigma-Rules	1
Login Items - T1547.015 (84601337-6a55-4ad7-9c35-79e0d1ea2ab3)	Attack Pattern	Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf)	Attack Pattern	2