DLL Execution Via Register-cimprovider.exe (a2910908-e86f-4687-aeba-76a5f996e652)
Detects using register-cimprovider.exe to execute arbitrary dll file.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | DLL Execution Via Register-cimprovider.exe (a2910908-e86f-4687-aeba-76a5f996e652) | Sigma-Rules | 1 |