Suspicious File Created In PerfLogs (bbb7e38c-0b41-4a11-b306-d2a457b7ac2b)
Detects suspicious files, based on their extension, being created in "C:\PerfLogs\". Note that this directory mostly contains ".etl" files.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Suspicious File Created In PerfLogs (bbb7e38c-0b41-4a11-b306-d2a457b7ac2b) | Sigma-Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |