PUA - AdvancedRun Execution (d2b749ee-4225-417e-b20e-a8d2193cbb84)

Detects the execution of AdvancedRun utility

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) | Attack Pattern | PUA - AdvancedRun Execution (d2b749ee-4225-417e-b20e-a8d2193cbb84) | Sigma-Rules | 1 |
| PUA - AdvancedRun Execution (d2b749ee-4225-417e-b20e-a8d2193cbb84) | Sigma-Rules | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 1 |
| PUA - AdvancedRun Execution (d2b749ee-4225-417e-b20e-a8d2193cbb84) | Sigma-Rules | Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | 1 |
| Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) | Attack Pattern | Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | 2 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) | Attack Pattern | 2 |