Hide Navigation Hide TOC Suspicious Cmdl32 Execution (f37aba28-a9e6-4045-882c-d5004043b337) lolbas Cmdl32 is use to download a payload to evade antivirus Cluster A Galaxy A Cluster B Galaxy B Level Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern Suspicious Cmdl32 Execution (f37aba28-a9e6-4045-882c-d5004043b337) Sigma-Rules 1 Suspicious Cmdl32 Execution (f37aba28-a9e6-4045-882c-d5004043b337) Sigma-Rules System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 1