Sysprep on AppData Folder (d5b9ae7a-e6fc-405e-80ff-2ff9dcc64e7e)
Detects a suspicious sysprep process start with the AppData folder as its target (as used by Trojan Syndicasec in the Thrip report by Symantec).
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Sysprep on AppData Folder (d5b9ae7a-e6fc-405e-80ff-2ff9dcc64e7e) | Sigma-Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |