Uncommon Child Process Of Appvlp.EXE (9c7e131a-0f2c-4ae0-9d43-b04f4e266d43)
Detects uncommon child processes of Appvlp.EXE. Appvlp, or the Application Virtualization Utility, is included with Microsoft Office. Attackers are able to abuse "AppVLP" to execute shell commands. Normally, this binary is used for Application Virtualization, but it can also be abused to circumvent the ASR file path rule folder or to mark a file as a system file.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Uncommon Child Process Of Appvlp.EXE (9c7e131a-0f2c-4ae0-9d43-b04f4e266d43) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |