Whoami.EXE Execution With Output Option (c30fb093-1109-4dc8-88a8-b30d11c95a5d)
Detects the execution of "whoami.exe" with the "/FO" flag to choose CSV as the output format, or with redirection options to export the results to a file for later use.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | Whoami.EXE Execution With Output Option (c30fb093-1109-4dc8-88a8-b30d11c95a5d) | Sigma-Rules | 1 |