Index of /github/opensearch-project/security-analytics/src/main/resources/rules/windows/process_creation/
proc_creation_win_7zip_cve_2022_29072.yml 05-Aug-2023 01:06 970
proc_creation_win_abusing_debug_privilege.yml 05-Aug-2023 01:06 1279
proc_creation_win_abusing_windows_telemetry_for..> 05-Aug-2023 01:06 1090
proc_creation_win_accesschk_usage_after_priv_es..> 05-Aug-2023 01:06 1447
proc_creation_win_ad_find_discovery.yml 05-Aug-2023 01:06 1385
proc_creation_win_advanced_ip_scanner.yml 05-Aug-2023 01:06 1273
proc_creation_win_advanced_port_scanner.yml 05-Aug-2023 01:06 756
proc_creation_win_alternate_data_streams.yml 05-Aug-2023 01:06 1233
proc_creation_win_always_install_elevated_msi_s..> 05-Aug-2023 01:06 937
proc_creation_win_always_install_elevated_windo..> 05-Aug-2023 01:06 1480
proc_creation_win_anydesk.yml 05-Aug-2023 01:06 1199
proc_creation_win_anydesk_silent_install.yml 05-Aug-2023 01:06 780
proc_creation_win_anydesk_susp_folder.yml 05-Aug-2023 01:06 1466
proc_creation_win_apt_actinium_persistence.yml 05-Aug-2023 01:06 742
proc_creation_win_apt_apt29_thinktanks.yml 05-Aug-2023 01:06 870
proc_creation_win_apt_babyshark.yml 05-Aug-2023 01:06 816
proc_creation_win_apt_bear_activity_gtr19.yml 05-Aug-2023 01:06 875
proc_creation_win_apt_bluemashroom.yml 05-Aug-2023 01:06 1082
proc_creation_win_apt_chafer_mar18.yml 05-Aug-2023 01:06 1361
proc_creation_win_apt_cloudhopper.yml 05-Aug-2023 01:06 652
proc_creation_win_apt_dragonfly.yml 05-Aug-2023 01:06 683
proc_creation_win_apt_elise.yml 05-Aug-2023 01:06 784
proc_creation_win_apt_emissarypanda_sep19.yml 05-Aug-2023 01:06 685
proc_creation_win_apt_empiremonkey.yml 05-Aug-2023 01:06 714
proc_creation_win_apt_equationgroup_dll_u_load.yml 05-Aug-2023 01:06 783
proc_creation_win_apt_evilnum_jul20.yml 05-Aug-2023 01:06 761
proc_creation_win_apt_gallium.yml 05-Aug-2023 01:06 1093
proc_creation_win_apt_gallium_sha1.yml 05-Aug-2023 01:06 1878
proc_creation_win_apt_gamaredon_ultravnc.yml 05-Aug-2023 01:06 888
proc_creation_win_apt_greenbug_may20.yml 05-Aug-2023 01:06 1800
proc_creation_win_apt_hafnium.yml 05-Aug-2023 01:06 2364
proc_creation_win_apt_hurricane_panda.yml 05-Aug-2023 01:06 693
proc_creation_win_apt_judgement_panda_gtr19.yml 05-Aug-2023 01:06 980
proc_creation_win_apt_ke3chang_regadd.yml 05-Aug-2023 01:06 1421
proc_creation_win_apt_lazarus_activity_apr21.yml 05-Aug-2023 01:06 983
proc_creation_win_apt_lazarus_activity_dec20.yml 05-Aug-2023 01:06 1243
proc_creation_win_apt_lazarus_loader.yml 05-Aug-2023 01:06 1200
proc_creation_win_apt_lazarus_session_highjack.yml 05-Aug-2023 01:06 807
proc_creation_win_apt_muddywater_dnstunnel.yml 05-Aug-2023 01:06 744
proc_creation_win_apt_mustangpanda.yml 05-Aug-2023 01:06 1086
proc_creation_win_apt_revil_kaseya.yml 05-Aug-2023 01:06 1733
proc_creation_win_apt_slingshot.yml 05-Aug-2023 01:06 818
proc_creation_win_apt_sofacy.yml 05-Aug-2023 01:06 1123
proc_creation_win_apt_sourgrum.yml 05-Aug-2023 01:06 1735
proc_creation_win_apt_ta17_293a_ps.yml 05-Aug-2023 01:06 658
proc_creation_win_apt_ta505_dropper.yml 05-Aug-2023 01:06 694
proc_creation_win_apt_taidoor.yml 05-Aug-2023 01:06 713
proc_creation_win_apt_tropictrooper.yml 05-Aug-2023 01:06 780
proc_creation_win_apt_turla_commands_critical.yml 05-Aug-2023 01:06 768
proc_creation_win_apt_turla_commands_medium.yml 05-Aug-2023 01:06 814
proc_creation_win_apt_turla_comrat_may20.yml 05-Aug-2023 01:06 811
proc_creation_win_apt_unc2452_cmds.yml 05-Aug-2023 01:06 1497
proc_creation_win_apt_unc2452_ps.yml 05-Aug-2023 01:06 1330
proc_creation_win_apt_unidentified_nov_18.yml 05-Aug-2023 01:06 732
proc_creation_win_apt_winnti_mal_hk_jan20.yml 05-Aug-2023 01:06 1125
proc_creation_win_apt_winnti_pipemon.yml 05-Aug-2023 01:06 810
proc_creation_win_apt_wocao.yml 05-Aug-2023 01:06 1451
proc_creation_win_apt_zxshell.yml 05-Aug-2023 01:06 826
proc_creation_win_arbitrary_shell_execution_via..> 05-Aug-2023 01:06 974
proc_creation_win_archiver_iso_phishing.yml 05-Aug-2023 01:06 1078
proc_creation_win_asr_bypass_via_appvlp_re.yml 05-Aug-2023 01:06 1314
proc_creation_win_atlassian_confluence_cve_2021..> 05-Aug-2023 01:06 1102
proc_creation_win_attrib_hiding_files.yml 05-Aug-2023 01:06 908
proc_creation_win_attrib_system.yml 05-Aug-2023 01:06 752
proc_creation_win_attrib_system_susp_paths.yml 05-Aug-2023 01:06 1474
proc_creation_win_automated_collection.yml 05-Aug-2023 01:06 1247
proc_creation_win_bad_opsec_sacrificial_process..> 05-Aug-2023 01:06 2153
proc_creation_win_base64_invoke_susp_cmdlets.yml 05-Aug-2023 01:06 1226
proc_creation_win_base64_listing_shadowcopy.yml 05-Aug-2023 01:06 959
proc_creation_win_base64_reflective_assembly_lo..> 05-Aug-2023 01:06 1994
proc_creation_win_bitsadmin_download.yml 05-Aug-2023 01:06 1171
proc_creation_win_bitsadmin_download_susp_domai..> 05-Aug-2023 01:06 1388
proc_creation_win_bitsadmin_download_susp_ext.yml 05-Aug-2023 01:06 1588
proc_creation_win_bitsadmin_download_susp_ip.yml 05-Aug-2023 01:06 1417
proc_creation_win_bitsadmin_download_susp_targe..> 05-Aug-2023 01:06 1052
proc_creation_win_bitsadmin_download_uncommon_t..> 05-Aug-2023 01:06 1139
proc_creation_win_bootconf_mod.yml 05-Aug-2023 01:06 1073
proc_creation_win_bypass_squiblytwo.yml 05-Aug-2023 01:06 1291
proc_creation_win_c3_load_by_rundll32.yml 05-Aug-2023 01:06 663
proc_creation_win_certoc_execution.yml 05-Aug-2023 01:06 804
proc_creation_win_change_default_file_assoc_sus..> 05-Aug-2023 01:06 853
proc_creation_win_change_default_file_associati..> 05-Aug-2023 01:06 1152
proc_creation_win_chrome_load_extension.yml 05-Aug-2023 01:06 766
proc_creation_win_cleanwipe.yml 05-Aug-2023 01:06 971
proc_creation_win_clip.yml 05-Aug-2023 01:06 676
proc_creation_win_cmd_delete.yml 05-Aug-2023 01:06 1022
proc_creation_win_cmd_dosfuscation.yml 05-Aug-2023 01:06 737
proc_creation_win_cmd_redirect.yml 05-Aug-2023 01:06 529
proc_creation_win_cmdkey_recon.yml 05-Aug-2023 01:06 938
proc_creation_win_cmstp_com_object_access.yml 05-Aug-2023 01:06 1631
proc_creation_win_cmstp_execution_by_creation.yml 05-Aug-2023 01:06 893
proc_creation_win_cobaltstrike_bloopers_cmd.yml 05-Aug-2023 01:06 1084
proc_creation_win_cobaltstrike_bloopers_modules..> 05-Aug-2023 01:06 1087
proc_creation_win_cobaltstrike_load_by_rundll32..> 05-Aug-2023 01:06 821
proc_creation_win_cobaltstrike_process_patterns..> 05-Aug-2023 01:06 1389
proc_creation_win_commandline_path_traversal.yml 05-Aug-2023 01:06 962
proc_creation_win_commandline_path_traversal_ev..> 05-Aug-2023 01:06 951
proc_creation_win_conhost_path_traversal.yml 05-Aug-2023 01:06 648
proc_creation_win_conti_cmd_ransomware.yml 05-Aug-2023 01:06 805
proc_creation_win_conti_sqlcmd.yml 05-Aug-2023 01:06 1055
proc_creation_win_control_panel_item.yml 05-Aug-2023 01:06 1090
proc_creation_win_copying_sensitive_files_with_..> 05-Aug-2023 01:06 1519
proc_creation_win_crackmapexec_patterns.yml 05-Aug-2023 01:06 1151
proc_creation_win_creation_mavinject_dll.yml 05-Aug-2023 01:06 1102
proc_creation_win_creative_cloud_node_abuse.yml 05-Aug-2023 01:06 839
proc_creation_win_credential_access_via_passwor..> 05-Aug-2023 01:06 812
proc_creation_win_crime_fireball.yml 05-Aug-2023 01:06 803
proc_creation_win_crime_maze_ransomware.yml 05-Aug-2023 01:06 1239
proc_creation_win_crime_snatch_ransomware.yml 05-Aug-2023 01:06 807
proc_creation_win_crypto_mining_monero.yml 05-Aug-2023 01:06 1170
proc_creation_win_curl_download.yml 05-Aug-2023 01:06 795
proc_creation_win_cve_2021_26857_msexchange.yml 05-Aug-2023 01:06 834
proc_creation_win_data_compressed_with_rar.yml 05-Aug-2023 01:06 1013
proc_creation_win_delete_systemstatebackup.yml 05-Aug-2023 01:06 973
proc_creation_win_detecting_fake_instances_of_h..> 05-Aug-2023 01:06 1044
proc_creation_win_dinjector.yml 05-Aug-2023 01:06 866
proc_creation_win_discover_private_keys.yml 05-Aug-2023 01:06 1018
proc_creation_win_dns_exfiltration_tools_execut..> 05-Aug-2023 01:06 654
proc_creation_win_dns_serverlevelplugindll.yml 05-Aug-2023 01:06 1013
proc_creation_win_dnscat2_powershell_implementa..> 05-Aug-2023 01:06 1094
proc_creation_win_dotnet.yml 05-Aug-2023 01:06 881
proc_creation_win_dsacls_abuse_permissions.yml 05-Aug-2023 01:06 1034
proc_creation_win_dsacls_password_spray.yml 05-Aug-2023 01:06 1000
proc_creation_win_dsim_remove.yml 05-Aug-2023 01:06 1182
proc_creation_win_dumpstack_log_evasion.yml 05-Aug-2023 01:06 625
proc_creation_win_embed_exe_lnk.yml 05-Aug-2023 01:06 726
proc_creation_win_encoded_frombase64string.yml 05-Aug-2023 01:06 799
proc_creation_win_encoded_iex.yml 05-Aug-2023 01:06 959
proc_creation_win_enumeration_for_credentials_c..> 05-Aug-2023 01:06 1825
proc_creation_win_enumeration_for_credentials_i..> 05-Aug-2023 01:06 1209
proc_creation_win_esentutl_webcache.yml 05-Aug-2023 01:06 901
proc_creation_win_etw_modification_cmdline.yml 05-Aug-2023 01:06 1530
proc_creation_win_etw_trace_evasion.yml 05-Aug-2023 01:06 1714
proc_creation_win_evil_winrm.yml 05-Aug-2023 01:06 866
proc_creation_win_exfiltration_and_tunneling_to..> 05-Aug-2023 01:06 669
proc_creation_win_expand_cabinet_files.yml 05-Aug-2023 01:06 1134
proc_creation_win_exploit_cve_2015_1641.yml 05-Aug-2023 01:06 797
proc_creation_win_exploit_cve_2017_0261.yml 05-Aug-2023 01:06 799
proc_creation_win_exploit_cve_2017_11882.yml 05-Aug-2023 01:06 935
proc_creation_win_exploit_cve_2017_8759.yml 05-Aug-2023 01:06 840
proc_creation_win_exploit_cve_2019_1378.yml 05-Aug-2023 01:06 1169
proc_creation_win_exploit_cve_2019_1388.yml 05-Aug-2023 01:06 1082
proc_creation_win_exploit_cve_2020_10189.yml 05-Aug-2023 01:06 957
proc_creation_win_exploit_cve_2020_1048.yml 05-Aug-2023 01:06 821
proc_creation_win_exploit_cve_2020_1350.yml 05-Aug-2023 01:06 973
proc_creation_win_exploit_lpe_cve_2021_41379.yml 05-Aug-2023 01:06 744
proc_creation_win_exploit_systemnightmare.yml 05-Aug-2023 01:06 665
proc_creation_win_false_sysinternalsuite.yml 05-Aug-2023 01:06 5195
proc_creation_win_file_permission_modifications..> 05-Aug-2023 01:06 1294
proc_creation_win_findstr_gpp_passwords.yml 05-Aug-2023 01:06 786
proc_creation_win_fsutil_drive_enumeration.yml 05-Aug-2023 01:06 931
proc_creation_win_fsutil_symlinkevaluation.yml 05-Aug-2023 01:06 955
proc_creation_win_gotoopener.yml 05-Aug-2023 01:06 1211
proc_creation_win_grabbing_sensitive_hives_via_..> 05-Aug-2023 01:06 1535
proc_creation_win_hack_adcspwn.yml 05-Aug-2023 01:06 680
proc_creation_win_hack_bloodhound.yml 05-Aug-2023 01:06 1159
proc_creation_win_hack_cube0x0_tools.yml 05-Aug-2023 01:06 638
proc_creation_win_hack_dumpert.yml 05-Aug-2023 01:06 681
proc_creation_win_hack_hydra.yml 05-Aug-2023 01:06 792
proc_creation_win_hack_koadic.yml 05-Aug-2023 01:06 863
proc_creation_win_hack_krbrelay.yml 05-Aug-2023 01:06 920
proc_creation_win_hack_krbrelayup.yml 05-Aug-2023 01:06 1098
proc_creation_win_hack_rubeus.yml 05-Aug-2023 01:06 1017
proc_creation_win_hack_secutyxploded.yml 05-Aug-2023 01:06 746
proc_creation_win_hack_wce.yml 05-Aug-2023 01:06 1072
proc_creation_win_hacktool_imphashes.yml 05-Aug-2023 01:06 4223
proc_creation_win_hashcat.yml 05-Aug-2023 01:06 919
proc_creation_win_headless_browser_file_downloa..> 05-Aug-2023 01:06 799
proc_creation_win_hh_chm.yml 05-Aug-2023 01:06 800
proc_creation_win_hiding_malware_in_fonts_folde..> 05-Aug-2023 01:06 1425
proc_creation_win_high_integrity_sdclt.yml 05-Aug-2023 01:06 827
proc_creation_win_hktl_createminidump.yml 05-Aug-2023 01:06 882
proc_creation_win_hktl_uacme_uac_bypass.yml 05-Aug-2023 01:06 626
proc_creation_win_html_help_spawn.yml 05-Aug-2023 01:06 1011
proc_creation_win_hwp_exploits.yml 05-Aug-2023 01:06 1044
proc_creation_win_iis_http_logging.yml 05-Aug-2023 01:06 793
proc_creation_win_impacket_compiled_tools.yml 05-Aug-2023 01:06 2505
proc_creation_win_impacket_lateralization.yml 05-Aug-2023 01:06 2762
proc_creation_win_indirect_cmd.yml 05-Aug-2023 01:06 1003
proc_creation_win_infdefaultinstall.yml 05-Aug-2023 01:06 885
proc_creation_win_install_reg_debugger_backdoor..> 05-Aug-2023 01:06 940
proc_creation_win_interactive_at.yml 05-Aug-2023 01:06 864
proc_creation_win_invoke_obfuscation_clip.yml 05-Aug-2023 01:06 662
proc_creation_win_invoke_obfuscation_obfuscated..> 05-Aug-2023 01:06 1160
proc_creation_win_invoke_obfuscation_stdin.yml 05-Aug-2023 01:06 641
proc_creation_win_invoke_obfuscation_var.yml 05-Aug-2023 01:06 683
proc_creation_win_invoke_obfuscation_via_compre..> 05-Aug-2023 01:06 790
proc_creation_win_invoke_obfuscation_via_rundll..> 05-Aug-2023 01:06 677
proc_creation_win_invoke_obfuscation_via_stdin.yml 05-Aug-2023 01:06 615
proc_creation_win_invoke_obfuscation_via_use_cl..> 05-Aug-2023 01:06 630
proc_creation_win_invoke_obfuscation_via_use_mh..> 05-Aug-2023 01:06 695
proc_creation_win_invoke_obfuscation_via_use_ru..> 05-Aug-2023 01:06 748
proc_creation_win_invoke_obfuscation_via_var.yml 05-Aug-2023 01:06 654
proc_creation_win_jlaive_batch_execution.yml 05-Aug-2023 01:06 972
proc_creation_win_lethalhta.yml 05-Aug-2023 01:06 586
proc_creation_win_local_system_owner_account_di..> 05-Aug-2023 01:06 1994
proc_creation_win_logmein.yml 05-Aug-2023 01:06 1205
proc_creation_win_logon_scripts_userinitmprlogo..> 05-Aug-2023 01:06 1015
proc_creation_win_lolbin_adplus.yml 05-Aug-2023 01:06 1150
proc_creation_win_lolbin_aspnet_compiler.yml 05-Aug-2023 01:06 642
proc_creation_win_lolbin_bash.yml 05-Aug-2023 01:06 599
proc_creation_win_lolbin_certoc_download.yml 05-Aug-2023 01:06 666
proc_creation_win_lolbin_cl_invocation.yml 05-Aug-2023 01:06 846
proc_creation_win_lolbin_cl_loadassembly.yml 05-Aug-2023 01:06 757
proc_creation_win_lolbin_cl_mutexverifiers.yml 05-Aug-2023 01:06 685
proc_creation_win_lolbin_class_exec_xwizard.yml 05-Aug-2023 01:06 713
proc_creation_win_lolbin_cmdl32.yml 05-Aug-2023 01:06 813
proc_creation_win_lolbin_configsecuritypolicy.yml 05-Aug-2023 01:06 845
proc_creation_win_lolbin_cscript_gathernetworki..> 05-Aug-2023 01:06 886
proc_creation_win_lolbin_data_exfiltration_by_u..> 05-Aug-2023 01:06 1668
proc_creation_win_lolbin_diantz_ads.yml 05-Aug-2023 01:06 676
proc_creation_win_lolbin_diantz_remote_cab.yml 05-Aug-2023 01:06 647
proc_creation_win_lolbin_dll_sideload_xwizard.yml 05-Aug-2023 01:06 780
proc_creation_win_lolbin_dump64.yml 05-Aug-2023 01:06 889
proc_creation_win_lolbin_execution_via_winget.yml 05-Aug-2023 01:06 1218
proc_creation_win_lolbin_extexport.yml 05-Aug-2023 01:06 666
proc_creation_win_lolbin_extrac32.yml 05-Aug-2023 01:06 806
proc_creation_win_lolbin_extrac32_ads.yml 05-Aug-2023 01:06 646
proc_creation_win_lolbin_findstr.yml 05-Aug-2023 01:06 1468
proc_creation_win_lolbin_forfiles.yml 05-Aug-2023 01:06 1071
proc_creation_win_lolbin_fsharp_interpreters.yml 05-Aug-2023 01:06 1078
proc_creation_win_lolbin_gpscript.yml 05-Aug-2023 01:06 864
proc_creation_win_lolbin_ie4uinit.yml 05-Aug-2023 01:06 997
proc_creation_win_lolbin_ieexec_download.yml 05-Aug-2023 01:06 636
proc_creation_win_lolbin_ilasm.yml 05-Aug-2023 01:06 652
proc_creation_win_lolbin_jsc.yml 05-Aug-2023 01:06 616
proc_creation_win_lolbin_mftrace.yml 05-Aug-2023 01:06 980
proc_creation_win_lolbin_msdt_answer_file.yml 05-Aug-2023 01:06 976
proc_creation_win_lolbin_offlinescannershell.yml 05-Aug-2023 01:06 786
proc_creation_win_lolbin_openconsole.yml 05-Aug-2023 01:06 817
proc_creation_win_lolbin_pcalua.yml 05-Aug-2023 01:06 883
proc_creation_win_lolbin_pcwrun.yml 05-Aug-2023 01:06 888
proc_creation_win_lolbin_pcwrun_follina.yml 05-Aug-2023 01:06 691
proc_creation_win_lolbin_pktmon.yml 05-Aug-2023 01:06 568
proc_creation_win_lolbin_presentationhost.yml 05-Aug-2023 01:06 1062
proc_creation_win_lolbin_printbrm.yml 05-Aug-2023 01:06 770
proc_creation_win_lolbin_pubprn.yml 05-Aug-2023 01:06 585
proc_creation_win_lolbin_rasautou_dll_execution..> 05-Aug-2023 01:06 1337
proc_creation_win_lolbin_remote.yml 05-Aug-2023 01:06 784
proc_creation_win_lolbin_replace.yml 05-Aug-2023 01:06 759
proc_creation_win_lolbin_rundll32_installscreen..> 05-Aug-2023 01:06 733
proc_creation_win_lolbin_scriptrunner.yml 05-Aug-2023 01:06 776
proc_creation_win_lolbin_squirrel.yml 05-Aug-2023 01:06 946
proc_creation_win_lolbin_susp_acccheckconsole.yml 05-Aug-2023 01:06 915
proc_creation_win_lolbin_susp_atbroker.yml 05-Aug-2023 01:06 1564
proc_creation_win_lolbin_susp_certreq_download.yml 05-Aug-2023 01:06 900
proc_creation_win_lolbin_susp_driver_installed_..> 05-Aug-2023 01:06 1327
proc_creation_win_lolbin_susp_dxcap.yml 05-Aug-2023 01:06 853
proc_creation_win_lolbin_susp_grpconv.yml 05-Aug-2023 01:06 657
proc_creation_win_lolbin_susp_mpcmdrun_download..> 05-Aug-2023 01:06 917
proc_creation_win_lolbin_susp_sqldumper_activit..> 05-Aug-2023 01:06 872
proc_creation_win_lolbin_susp_wsl.yml 05-Aug-2023 01:06 1000
proc_creation_win_lolbin_syncappvpublishingserv..> 05-Aug-2023 01:06 917
proc_creation_win_lolbin_syncappvpublishingserv..> 05-Aug-2023 01:06 902
proc_creation_win_lolbin_ttdinject.yml 05-Aug-2023 01:06 632
proc_creation_win_lolbin_tttracer_mod_load.yml 05-Aug-2023 01:06 989
proc_creation_win_lolbin_utilityfunctions.yml 05-Aug-2023 01:06 623
proc_creation_win_lolbin_visual_basic_compiler.yml 05-Aug-2023 01:06 735
proc_creation_win_lolbin_visualuiaverifynative.yml 05-Aug-2023 01:06 1112
proc_creation_win_lolbin_vsiisexelauncher.yml 05-Aug-2023 01:06 775
proc_creation_win_lolbin_wfc.yml 05-Aug-2023 01:06 810
proc_creation_win_lolbin_winword.yml 05-Aug-2023 01:06 893
proc_creation_win_lolbin_wlrmdr.yml 05-Aug-2023 01:06 815
proc_creation_win_lolbins_by_office_application..> 05-Aug-2023 01:06 1455
proc_creation_win_lolbins_with_wmiprvse_parent_..> 05-Aug-2023 01:06 1103
proc_creation_win_long_powershell_commandline.yml 05-Aug-2023 01:06 748
proc_creation_win_lsass_dump.yml 05-Aug-2023 01:06 1256
proc_creation_win_mailboxexport_share.yml 05-Aug-2023 01:06 1009
proc_creation_win_mal_adwind.yml 05-Aug-2023 01:06 969
proc_creation_win_mal_blue_mockingbird.yml 05-Aug-2023 01:06 833
proc_creation_win_mal_darkside_ransomware.yml 05-Aug-2023 01:06 1000
proc_creation_win_mal_hermetic_wiper_activity.yml 05-Aug-2023 01:06 893
proc_creation_win_mal_lockergoga_ransomware.yml 05-Aug-2023 01:06 737
proc_creation_win_mal_ryuk.yml 05-Aug-2023 01:06 690
proc_creation_win_malware_conti.yml 05-Aug-2023 01:06 789
proc_creation_win_malware_conti_7zip.yml 05-Aug-2023 01:06 717
proc_creation_win_malware_conti_shadowcopy.yml 05-Aug-2023 01:06 969
proc_creation_win_malware_dridex.yml 05-Aug-2023 01:06 974
proc_creation_win_malware_dtrack.yml 05-Aug-2023 01:06 704
proc_creation_win_malware_emotet.yml 05-Aug-2023 01:06 1431
proc_creation_win_malware_formbook.yml 05-Aug-2023 01:06 1739
proc_creation_win_malware_notpetya.yml 05-Aug-2023 01:06 1216
proc_creation_win_malware_qbot.yml 05-Aug-2023 01:06 929
proc_creation_win_malware_ryuk.yml 05-Aug-2023 01:06 611
proc_creation_win_malware_script_dropper.yml 05-Aug-2023 01:06 916
proc_creation_win_malware_trickbot_recon_activi..> 05-Aug-2023 01:06 881
proc_creation_win_malware_trickbot_wermgr.yml 05-Aug-2023 01:06 722
proc_creation_win_malware_wannacry.yml 05-Aug-2023 01:06 1551
proc_creation_win_manage_bde_lolbas.yml 05-Aug-2023 01:06 988
proc_creation_win_mavinject_proc_inj.yml 05-Aug-2023 01:06 661
proc_creation_win_meterpreter_or_cobaltstrike_g..> 05-Aug-2023 01:06 1948
proc_creation_win_mimikatz_command_line.yml 05-Aug-2023 01:06 1771
proc_creation_win_mmc20_lateral_movement.yml 05-Aug-2023 01:06 885
proc_creation_win_mmc_spawn_shell.yml 05-Aug-2023 01:06 870
proc_creation_win_modif_of_services_for_via_com..> 05-Aug-2023 01:06 1844
proc_creation_win_monitoring_for_persistence_vi..> 05-Aug-2023 01:06 1593
proc_creation_win_mouse_lock.yml 05-Aug-2023 01:06 920
proc_creation_win_msdeploy.yml 05-Aug-2023 01:06 879
proc_creation_win_msdt.yml 05-Aug-2023 01:06 1191
proc_creation_win_msdt_diagcab.yml 05-Aug-2023 01:06 860
proc_creation_win_msdt_susp_cab_options.yml 05-Aug-2023 01:06 829
proc_creation_win_msdt_susp_parent.yml 05-Aug-2023 01:06 986
proc_creation_win_msedge_minimized_download.yml 05-Aug-2023 01:06 728
proc_creation_win_mshta_javascript.yml 05-Aug-2023 01:06 791
proc_creation_win_mshta_spawn_shell.yml 05-Aug-2023 01:06 951
proc_creation_win_msiexec_dll.yml 05-Aug-2023 01:06 752
proc_creation_win_msiexec_embedding.yml 05-Aug-2023 01:06 929
proc_creation_win_msiexec_execute_dll.yml 05-Aug-2023 01:06 1461
proc_creation_win_msiexec_install_quiet.yml 05-Aug-2023 01:06 912
proc_creation_win_msra_process_injection.yml 05-Aug-2023 01:06 1078
proc_creation_win_mstsc.yml 05-Aug-2023 01:06 1200
proc_creation_win_multiple_susp_cli.yml 05-Aug-2023 01:06 1621
proc_creation_win_net_enum.yml 05-Aug-2023 01:06 969
proc_creation_win_net_use_admin_share.yml 05-Aug-2023 01:06 878
proc_creation_win_net_user_add.yml 05-Aug-2023 01:06 930
proc_creation_win_netcat_execution.yml 05-Aug-2023 01:06 1098
proc_creation_win_netsh_allow_port_rdp.yml 05-Aug-2023 01:06 813
proc_creation_win_netsh_fw_add.yml 05-Aug-2023 01:06 1186
proc_creation_win_netsh_fw_add_susp_image.yml 05-Aug-2023 01:06 1818
proc_creation_win_netsh_fw_enable_group_rule.yml 05-Aug-2023 01:06 958
proc_creation_win_netsh_packet_capture.yml 05-Aug-2023 01:06 791
proc_creation_win_netsh_port_fwd.yml 05-Aug-2023 01:06 1269
proc_creation_win_netsh_port_fwd_3389.yml 05-Aug-2023 01:06 774
proc_creation_win_netsh_wifi_credential_harvest..> 05-Aug-2023 01:06 825
proc_creation_win_network_scan_loop.yml 05-Aug-2023 01:06 912
proc_creation_win_network_sniffing.yml 05-Aug-2023 01:06 1029
proc_creation_win_new_service_creation.yml 05-Aug-2023 01:06 817
proc_creation_win_nltest_recon.yml 05-Aug-2023 01:06 1378
proc_creation_win_non_interactive_powershell.yml 05-Aug-2023 01:06 851
proc_creation_win_non_priv_reg_or_ps.yml 05-Aug-2023 01:06 1287
proc_creation_win_office_applications_spawning_..> 05-Aug-2023 01:06 1139
proc_creation_win_office_dir_traversal_cli.yml 05-Aug-2023 01:06 920
proc_creation_win_office_from_proxy_executing_r..> 05-Aug-2023 01:06 1706
proc_creation_win_office_from_proxy_executing_r..> 05-Aug-2023 01:06 1662
proc_creation_win_office_shell.yml 05-Aug-2023 01:06 1750
proc_creation_win_office_spawn_exe_from_users_d..> 05-Aug-2023 01:06 1171
proc_creation_win_office_spawning_wmi_commandli..> 05-Aug-2023 01:06 1181
proc_creation_win_outlook_shell.yml 05-Aug-2023 01:06 2376
proc_creation_win_pingback_backdoor.yml 05-Aug-2023 01:06 834
proc_creation_win_plugx_susp_exe_locations.yml 05-Aug-2023 01:06 3218
proc_creation_win_possible_applocker_bypass.yml 05-Aug-2023 01:06 1337
proc_creation_win_possible_privilege_escalation..> 05-Aug-2023 01:06 1169
proc_creation_win_powershell_amsi_bypass.yml 05-Aug-2023 01:06 812
proc_creation_win_powershell_audio_capture.yml 05-Aug-2023 01:06 761
proc_creation_win_powershell_b64_shellcode.yml 05-Aug-2023 01:06 617
proc_creation_win_powershell_bitsjob.yml 05-Aug-2023 01:06 810
proc_creation_win_powershell_cmdline_reversed_s..> 05-Aug-2023 01:06 1287
proc_creation_win_powershell_cmdline_special_ch..> 05-Aug-2023 01:06 2317
proc_creation_win_powershell_cmdline_specific_c..> 05-Aug-2023 01:06 1450
proc_creation_win_powershell_defender_base64.yml 05-Aug-2023 01:06 1848
proc_creation_win_powershell_defender_disable_f..> 05-Aug-2023 01:06 3704
proc_creation_win_powershell_defender_exclusion..> 05-Aug-2023 01:06 1185
proc_creation_win_powershell_disable_windef_av.yml 05-Aug-2023 01:06 1515
proc_creation_win_powershell_dll_execution.yml 05-Aug-2023 01:06 756
proc_creation_win_powershell_downgrade_attack.yml 05-Aug-2023 01:06 871
proc_creation_win_powershell_download.yml 05-Aug-2023 01:06 722
proc_creation_win_powershell_download_patterns.yml 05-Aug-2023 01:06 1189
proc_creation_win_powershell_frombase64string.yml 05-Aug-2023 01:06 624
proc_creation_win_powershell_get_clipboard.yml 05-Aug-2023 01:06 761
proc_creation_win_powershell_public_folder.yml 05-Aug-2023 01:06 680
proc_creation_win_powershell_reverse_shell_conn..> 05-Aug-2023 01:06 903
proc_creation_win_powershell_snapins_hafnium.yml 05-Aug-2023 01:06 904
proc_creation_win_powershell_susp_parameter_var..> 05-Aug-2023 01:06 3135
proc_creation_win_powershell_xor_commandline.yml 05-Aug-2023 01:06 914
proc_creation_win_powersploit_empire_schtasks.yml 05-Aug-2023 01:06 1407
proc_creation_win_proc_dump_createdump.yml 05-Aug-2023 01:06 839
proc_creation_win_proc_dump_dumpminitool.yml 05-Aug-2023 01:06 843
proc_creation_win_proc_dump_rdrleakdiag.yml 05-Aug-2023 01:06 825
proc_creation_win_proc_dump_susp_dumpminitool.yml 05-Aug-2023 01:06 1196
proc_creation_win_proc_wrong_parent.yml 05-Aug-2023 01:06 1593
proc_creation_win_procdump.yml 05-Aug-2023 01:06 702
proc_creation_win_procdump_evasion.yml 05-Aug-2023 01:06 1189
proc_creation_win_process_dump_rdrleakdiag.yml 05-Aug-2023 01:06 601
proc_creation_win_process_dump_rundll32_comsvcs..> 05-Aug-2023 01:06 1269
proc_creation_win_protocolhandler_susp_file.yml 05-Aug-2023 01:06 836
proc_creation_win_proxy_execution_wuauclt.yml 05-Aug-2023 01:06 1328
proc_creation_win_psexesvc_start.yml 05-Aug-2023 01:06 452
proc_creation_win_public_folder_parent.yml 05-Aug-2023 01:06 758
proc_creation_win_purplesharp_indicators.yml 05-Aug-2023 01:06 667
proc_creation_win_pypykatz.yml 05-Aug-2023 01:06 878
proc_creation_win_python_pty_spawn.yml 05-Aug-2023 01:06 859
proc_creation_win_query_registry.yml 05-Aug-2023 01:06 1219
proc_creation_win_ransom_blackbyte.yml 05-Aug-2023 01:06 847
proc_creation_win_rdp_hijack_shadowing.yml 05-Aug-2023 01:06 637
proc_creation_win_redirect_to_stream.yml 05-Aug-2023 01:06 658
proc_creation_win_redmimicry_winnti_proc.yml 05-Aug-2023 01:06 687
proc_creation_win_reg_add_run_key.yml 05-Aug-2023 01:06 739
proc_creation_win_reg_defender_exclusion.yml 05-Aug-2023 01:06 994
proc_creation_win_reg_defender_tampering.yml 05-Aug-2023 01:06 981
proc_creation_win_reg_dump_sam.yml 05-Aug-2023 01:06 881
proc_creation_win_reg_enable_rdp.yml 05-Aug-2023 01:06 1293
proc_creation_win_reg_lsass_ppl.yml 05-Aug-2023 01:06 905
proc_creation_win_reg_service_imagepath_change.yml 05-Aug-2023 01:06 1229
proc_creation_win_regedit_export_critical_keys.yml 05-Aug-2023 01:06 1007
proc_creation_win_regedit_export_keys.yml 05-Aug-2023 01:06 1000
proc_creation_win_regedit_import_keys.yml 05-Aug-2023 01:06 1013
proc_creation_win_regedit_import_keys_ads.yml 05-Aug-2023 01:06 929
proc_creation_win_regini.yml 05-Aug-2023 01:06 1059
proc_creation_win_regini_ads.yml 05-Aug-2023 01:06 984
proc_creation_win_remote_powershell_session_pro..> 05-Aug-2023 01:06 918
proc_creation_win_remote_time_discovery.yml 05-Aug-2023 01:06 1086
proc_creation_win_remove_windows_defender_defin..> 05-Aug-2023 01:06 934
proc_creation_win_renamed_binary.yml 05-Aug-2023 01:06 2027
proc_creation_win_renamed_binary_highly_relevan..> 05-Aug-2023 01:06 1536
proc_creation_win_renamed_browsercore.yml 05-Aug-2023 01:06 653
proc_creation_win_renamed_jusched.yml 05-Aug-2023 01:06 785
proc_creation_win_renamed_megasync.yml 05-Aug-2023 01:06 938
proc_creation_win_renamed_msdt.yml 05-Aug-2023 01:06 569
proc_creation_win_renamed_paexec.yml 05-Aug-2023 01:06 1217
proc_creation_win_renamed_plink.yml 05-Aug-2023 01:06 725
proc_creation_win_renamed_powershell.yml 05-Aug-2023 01:06 831
proc_creation_win_renamed_procdump.yml 05-Aug-2023 01:06 999
proc_creation_win_renamed_psexec.yml 05-Aug-2023 01:06 893
proc_creation_win_renamed_rundll32.yml 05-Aug-2023 01:06 604
proc_creation_win_renamed_whoami.yml 05-Aug-2023 01:06 769
proc_creation_win_root_certificate_installed.yml 05-Aug-2023 01:06 1282
proc_creation_win_rpcss_anomalies.yml 05-Aug-2023 01:06 944
proc_creation_win_run_executable_invalid_extens..> 05-Aug-2023 01:06 1369
proc_creation_win_run_from_zip.yml 05-Aug-2023 01:06 596
proc_creation_win_run_powershell_script_from_ad..> 05-Aug-2023 01:06 695
proc_creation_win_run_powershell_script_from_in..> 05-Aug-2023 01:06 824
proc_creation_win_run_virtualbox.yml 05-Aug-2023 01:06 1299
proc_creation_win_rundll32_not_from_c_drive.yml 05-Aug-2023 01:06 808
proc_creation_win_rundll32_parent_explorer.yml 05-Aug-2023 01:06 762
proc_creation_win_rundll32_registered_com_objec..> 05-Aug-2023 01:06 815
proc_creation_win_rundll32_without_parameters.yml 05-Aug-2023 01:06 758
proc_creation_win_schtasks_appdata_local_system..> 05-Aug-2023 01:06 760
proc_creation_win_schtasks_powershell_windowsap..> 05-Aug-2023 01:06 1071
proc_creation_win_schtasks_reg_loader.yml 05-Aug-2023 01:06 995
proc_creation_win_screenconnect.yml 05-Aug-2023 01:06 1251
proc_creation_win_screenconnect_anomaly.yml 05-Aug-2023 01:06 908
proc_creation_win_script_event_consumer_spawn.yml 05-Aug-2023 01:06 1109
proc_creation_win_sdbinst_shim_persistence.yml 05-Aug-2023 01:06 976
proc_creation_win_sdclt_child_process.yml 05-Aug-2023 01:06 759
proc_creation_win_sdelete.yml 05-Aug-2023 01:06 776
proc_creation_win_sdiagnhost_susp_child.yml 05-Aug-2023 01:06 830
proc_creation_win_service_execution.yml 05-Aug-2023 01:06 854
proc_creation_win_service_stop.yml 05-Aug-2023 01:06 1074
proc_creation_win_set_policies_to_unsecure_leve..> 05-Aug-2023 01:06 1090
proc_creation_win_shadow_copies_access_symlink.yml 05-Aug-2023 01:06 754
proc_creation_win_shadow_copies_creation.yml 05-Aug-2023 01:06 1019
proc_creation_win_shadow_copies_deletion.yml 05-Aug-2023 01:06 2536
proc_creation_win_shell_spawn_by_java.yml 05-Aug-2023 01:06 864
proc_creation_win_shell_spawn_susp_program.yml 05-Aug-2023 01:06 1618
proc_creation_win_silenttrinity_stage_use.yml 05-Aug-2023 01:06 542
proc_creation_win_software_discovery.yml 05-Aug-2023 01:06 1135
proc_creation_win_soundrec_audio_capture.yml 05-Aug-2023 01:06 793
proc_creation_win_spn_enum.yml 05-Aug-2023 01:06 779
proc_creation_win_sqlcmd_veeam_dump.yml 05-Aug-2023 01:06 781
proc_creation_win_sqlite_firefox_cookies.yml 05-Aug-2023 01:06 774
proc_creation_win_sticky_keys_unauthenticated_p..> 05-Aug-2023 01:06 974
proc_creation_win_stickykey_like_backdoor.yml 05-Aug-2023 01:06 1152
proc_creation_win_stordiag_execution.yml 05-Aug-2023 01:06 1019
proc_creation_win_sus_auditpol_usage.yml 05-Aug-2023 01:06 1228
proc_creation_win_susp_7z.yml 05-Aug-2023 01:06 1004
proc_creation_win_susp_ad_reco.yml 05-Aug-2023 01:06 1035
proc_creation_win_susp_add_user_remote_desktop.yml 05-Aug-2023 01:06 915
proc_creation_win_susp_adfind.yml 05-Aug-2023 01:06 1061
proc_creation_win_susp_adfind_enumerate.yml 05-Aug-2023 01:06 1191
proc_creation_win_susp_adidnsdump.yml 05-Aug-2023 01:06 827
proc_creation_win_susp_advancedrun.yml 05-Aug-2023 01:06 1018
proc_creation_win_susp_advancedrun_priv_user.yml 05-Aug-2023 01:06 1249
proc_creation_win_susp_athremotefxvgpudisableme..> 05-Aug-2023 01:06 1248
proc_creation_win_susp_base64_invoke.yml 05-Aug-2023 01:06 1418
proc_creation_win_susp_base64_load.yml 05-Aug-2023 01:06 1739
proc_creation_win_susp_bcdedit.yml 05-Aug-2023 01:06 852
proc_creation_win_susp_bginfo.yml 05-Aug-2023 01:06 797
proc_creation_win_susp_bitstransfer.yml 05-Aug-2023 01:06 881
proc_creation_win_susp_calc.yml 05-Aug-2023 01:06 751
proc_creation_win_susp_cdb.yml 05-Aug-2023 01:06 1048
proc_creation_win_susp_certutil_command.yml 05-Aug-2023 01:06 1706
proc_creation_win_susp_certutil_encode.yml 05-Aug-2023 01:06 801
proc_creation_win_susp_char_in_cmd.yml 05-Aug-2023 01:06 1001
proc_creation_win_susp_child_process_as_system_..> 05-Aug-2023 01:06 1406
proc_creation_win_susp_cipher.yml 05-Aug-2023 01:06 892
proc_creation_win_susp_cli_escape.yml 05-Aug-2023 01:06 1081
proc_creation_win_susp_cmd_http_appdata.yml 05-Aug-2023 01:06 1116
proc_creation_win_susp_cmd_shadowcopy_access.yml 05-Aug-2023 01:06 786
proc_creation_win_susp_codepage_lookup.yml 05-Aug-2023 01:06 876
proc_creation_win_susp_codepage_switch.yml 05-Aug-2023 01:06 991
proc_creation_win_susp_commandline_chars.yml 05-Aug-2023 01:06 965
proc_creation_win_susp_commands_recon_activity.yml 05-Aug-2023 01:06 1343
proc_creation_win_susp_compression_params.yml 05-Aug-2023 01:06 820
proc_creation_win_susp_comsvcs_procdump.yml 05-Aug-2023 01:06 931
proc_creation_win_susp_conhost.yml 05-Aug-2023 01:06 792
proc_creation_win_susp_conhost_option.yml 05-Aug-2023 01:06 768
proc_creation_win_susp_control_cve_2021_40444.yml 05-Aug-2023 01:06 964
proc_creation_win_susp_control_dll_load.yml 05-Aug-2023 01:06 735
proc_creation_win_susp_copy_lateral_movement.yml 05-Aug-2023 01:06 1185
proc_creation_win_susp_copy_system32.yml 05-Aug-2023 01:06 1208
proc_creation_win_susp_covenant.yml 05-Aug-2023 01:06 896
proc_creation_win_susp_crackmapexec_execution.yml 05-Aug-2023 01:06 1363
proc_creation_win_susp_crackmapexec_flags.yml 05-Aug-2023 01:06 1730
proc_creation_win_susp_crackmapexec_powershell_..> 05-Aug-2023 01:06 1135
proc_creation_win_susp_csc.yml 05-Aug-2023 01:06 727
proc_creation_win_susp_csc_folder.yml 05-Aug-2023 01:06 1699
proc_creation_win_susp_cscript_vbs.yml 05-Aug-2023 01:06 600
proc_creation_win_susp_csi.yml 05-Aug-2023 01:06 1466
proc_creation_win_susp_curl_download.yml 05-Aug-2023 01:06 1532
proc_creation_win_susp_curl_fileupload.yml 05-Aug-2023 01:06 1137
proc_creation_win_susp_curl_start_combo.yml 05-Aug-2023 01:06 878
proc_creation_win_susp_curl_useragent.yml 05-Aug-2023 01:06 898
proc_creation_win_susp_dctask64_proc_inject.yml 05-Aug-2023 01:06 802
proc_creation_win_susp_del.yml 05-Aug-2023 01:06 940
proc_creation_win_susp_desktopimgdownldr.yml 05-Aug-2023 01:06 1061
proc_creation_win_susp_devinit_lolbin.yml 05-Aug-2023 01:06 670
proc_creation_win_susp_devtoolslauncher.yml 05-Aug-2023 01:06 771
proc_creation_win_susp_dir.yml 05-Aug-2023 01:06 569
proc_creation_win_susp_direct_asep_reg_keys_mod..> 05-Aug-2023 01:06 1751
proc_creation_win_susp_disable_eventlog.yml 05-Aug-2023 01:06 976
proc_creation_win_susp_disable_ie_features.yml 05-Aug-2023 01:06 966
proc_creation_win_susp_disable_raccine.yml 05-Aug-2023 01:06 951
proc_creation_win_susp_diskshadow.yml 05-Aug-2023 01:06 1057
proc_creation_win_susp_ditsnap.yml 05-Aug-2023 01:06 688
proc_creation_win_susp_dllhost_no_cli.yml 05-Aug-2023 01:06 857
proc_creation_win_susp_dnx.yml 05-Aug-2023 01:06 714
proc_creation_win_susp_double_extension.yml 05-Aug-2023 01:06 971
proc_creation_win_susp_download_office_domain.yml 05-Aug-2023 01:06 1097
proc_creation_win_susp_dtrace_kernel_dump.yml 05-Aug-2023 01:06 811
proc_creation_win_susp_emotet_rundll32_executio..> 05-Aug-2023 01:06 1274
proc_creation_win_susp_esentutl_params.yml 05-Aug-2023 01:06 942
proc_creation_win_susp_eventlog_clear.yml 05-Aug-2023 01:06 1595
proc_creation_win_susp_execution_path.yml 05-Aug-2023 01:06 1702
proc_creation_win_susp_execution_path_webserver..> 05-Aug-2023 01:06 804
proc_creation_win_susp_explorer.yml 05-Aug-2023 01:06 679
proc_creation_win_susp_explorer_break_proctree.yml 05-Aug-2023 01:06 1162
proc_creation_win_susp_explorer_nouaccheck.yml 05-Aug-2023 01:06 982
proc_creation_win_susp_file_characteristics.yml 05-Aug-2023 01:06 1036
proc_creation_win_susp_file_download_via_gfxdow..> 05-Aug-2023 01:06 839
proc_creation_win_susp_findstr_385201.yml 05-Aug-2023 01:06 712
proc_creation_win_susp_findstr_lnk.yml 05-Aug-2023 01:06 753
proc_creation_win_susp_finger_usage.yml 05-Aug-2023 01:06 848
proc_creation_win_susp_firewall_disable.yml 05-Aug-2023 01:06 1028
proc_creation_win_susp_format.yml 05-Aug-2023 01:06 938
proc_creation_win_susp_fsutil_usage.yml 05-Aug-2023 01:06 1252
proc_creation_win_susp_ftp.yml 05-Aug-2023 01:06 938
proc_creation_win_susp_gpresult.yml 05-Aug-2023 01:06 1002
proc_creation_win_susp_gup.yml 05-Aug-2023 01:06 990
proc_creation_win_susp_gup_download.yml 05-Aug-2023 01:06 909
proc_creation_win_susp_gup_execution.yml 05-Aug-2023 01:06 779
proc_creation_win_susp_hostname.yml 05-Aug-2023 01:06 664
proc_creation_win_susp_image_missing.yml 05-Aug-2023 01:06 956
proc_creation_win_susp_instalutil.yml 05-Aug-2023 01:06 829
proc_creation_win_susp_iss_module_install.yml 05-Aug-2023 01:06 784
proc_creation_win_susp_lsass_clone.yml 05-Aug-2023 01:06 846
proc_creation_win_susp_machineguid.yml 05-Aug-2023 01:06 704
proc_creation_win_susp_mounted_share_deletion.yml 05-Aug-2023 01:06 852
proc_creation_win_susp_mpiexec_lolbin.yml 05-Aug-2023 01:06 970
proc_creation_win_susp_mshta_execution.yml 05-Aug-2023 01:06 1368
proc_creation_win_susp_mshta_pattern.yml 05-Aug-2023 01:06 1406
proc_creation_win_susp_msiexec_cwd.yml 05-Aug-2023 01:06 675
proc_creation_win_susp_msiexec_web_install.yml 05-Aug-2023 01:06 759
proc_creation_win_susp_msoffice.yml 05-Aug-2023 01:06 807
proc_creation_win_susp_net_execution.yml 05-Aug-2023 01:06 1820
proc_creation_win_susp_net_use_password_plainte..> 05-Aug-2023 01:06 696
proc_creation_win_susp_netsh_command.yml 05-Aug-2023 01:06 1008
proc_creation_win_susp_netsh_dll_persistence.yml 05-Aug-2023 01:06 759
proc_creation_win_susp_network_command.yml 05-Aug-2023 01:06 983
proc_creation_win_susp_network_listing_connecti..> 05-Aug-2023 01:06 1013
proc_creation_win_susp_ngrok_pua.yml 05-Aug-2023 01:06 1726
proc_creation_win_susp_nmap.yml 05-Aug-2023 01:06 720
proc_creation_win_susp_non_exe_image.yml 05-Aug-2023 01:06 2892
proc_creation_win_susp_nt_resource_kit_auditpol..> 05-Aug-2023 01:06 1042
proc_creation_win_susp_ntdll_type_redirect.yml 05-Aug-2023 01:06 760
proc_creation_win_susp_ntds.yml 05-Aug-2023 01:06 2234
proc_creation_win_susp_ntdsutil.yml 05-Aug-2023 01:06 662
proc_creation_win_susp_ntlmrelay.yml 05-Aug-2023 01:06 960
proc_creation_win_susp_odbcconf.yml 05-Aug-2023 01:06 972
proc_creation_win_susp_openwith.yml 05-Aug-2023 01:06 718
proc_creation_win_susp_outlook.yml 05-Aug-2023 01:06 830
proc_creation_win_susp_outlook_temp.yml 05-Aug-2023 01:06 568
proc_creation_win_susp_parents.yml 05-Aug-2023 01:06 1235
proc_creation_win_susp_pcwutl.yml 05-Aug-2023 01:06 776
proc_creation_win_susp_pester.yml 05-Aug-2023 01:06 964
proc_creation_win_susp_ping_hex_ip.yml 05-Aug-2023 01:06 713
proc_creation_win_susp_plink_remote_forward.yml 05-Aug-2023 01:06 854
proc_creation_win_susp_powershell_cmd_patterns.yml 05-Aug-2023 01:06 965
proc_creation_win_susp_powershell_download_crad..> 05-Aug-2023 01:06 605
proc_creation_win_susp_powershell_download_iex.yml 05-Aug-2023 01:06 884
proc_creation_win_susp_powershell_empire_launch..> 05-Aug-2023 01:06 1312
proc_creation_win_susp_powershell_empire_uac_by..> 05-Aug-2023 01:06 1020
proc_creation_win_susp_powershell_enc_cmd.yml 05-Aug-2023 01:06 1374
proc_creation_win_susp_powershell_encode.yml 05-Aug-2023 01:06 1080
proc_creation_win_susp_powershell_encoded_param..> 05-Aug-2023 01:06 591
proc_creation_win_susp_powershell_getprocess_ls..> 05-Aug-2023 01:06 602
proc_creation_win_susp_powershell_hidden_b64_cm..> 05-Aug-2023 01:06 2452
proc_creation_win_susp_powershell_iex_patterns.yml 05-Aug-2023 01:06 1159
proc_creation_win_susp_powershell_parent_combo.yml 05-Aug-2023 01:06 884
proc_creation_win_susp_powershell_parent_proces..> 05-Aug-2023 01:06 1523
proc_creation_win_susp_powershell_sam_access.yml 05-Aug-2023 01:06 895
proc_creation_win_susp_powershell_sub_processes..> 05-Aug-2023 01:06 947
proc_creation_win_susp_powershell_webclient_cas..> 05-Aug-2023 01:06 4882
proc_creation_win_susp_pressynkey_lolbin.yml 05-Aug-2023 01:06 977
proc_creation_win_susp_print.yml 05-Aug-2023 01:06 858
proc_creation_win_susp_procdump.yml 05-Aug-2023 01:06 888
proc_creation_win_susp_procdump_lsass.yml 05-Aug-2023 01:06 1078
proc_creation_win_susp_progname.yml 05-Aug-2023 01:06 1743
proc_creation_win_susp_ps_appdata.yml 05-Aug-2023 01:06 963
proc_creation_win_susp_ps_downloadfile.yml 05-Aug-2023 01:06 787
proc_creation_win_susp_psexec_eula.yml 05-Aug-2023 01:06 671
proc_creation_win_susp_psexex_paexec_escalate_s..> 05-Aug-2023 01:06 1097
proc_creation_win_susp_psexex_paexec_flags.yml 05-Aug-2023 01:06 1330
proc_creation_win_susp_psloglist.yml 05-Aug-2023 01:06 1360
proc_creation_win_susp_psr_capture_screenshots.yml 05-Aug-2023 01:06 774
proc_creation_win_susp_radmin.yml 05-Aug-2023 01:06 736
proc_creation_win_susp_rar_flags.yml 05-Aug-2023 01:06 1097
proc_creation_win_susp_rasdial_activity.yml 05-Aug-2023 01:06 609
proc_creation_win_susp_razorinstaller_explorer.yml 05-Aug-2023 01:06 1017
proc_creation_win_susp_rclone_execution.yml 05-Aug-2023 01:06 2141
proc_creation_win_susp_recon.yml 05-Aug-2023 01:06 825
proc_creation_win_susp_recon_activity.yml 05-Aug-2023 01:06 1055
proc_creation_win_susp_recon_net_activity.yml 05-Aug-2023 01:06 724
proc_creation_win_susp_redir_local_admin_share.yml 05-Aug-2023 01:06 698
proc_creation_win_susp_reg_bitlocker.yml 05-Aug-2023 01:06 936
proc_creation_win_susp_reg_disable_sec_services..> 05-Aug-2023 01:06 2442
proc_creation_win_susp_reg_open_command.yml 05-Aug-2023 01:06 1085
proc_creation_win_susp_regedit_trustedinstaller..> 05-Aug-2023 01:06 665
proc_creation_win_susp_register_cimprovider.yml 05-Aug-2023 01:06 923
proc_creation_win_susp_registration_via_cscript..> 05-Aug-2023 01:06 924
proc_creation_win_susp_regsvr32_anomalies.yml 05-Aug-2023 01:06 2249
proc_creation_win_susp_regsvr32_explorer.yml 05-Aug-2023 01:06 637
proc_creation_win_susp_regsvr32_flags_anomaly.yml 05-Aug-2023 01:06 710
proc_creation_win_susp_regsvr32_http_pattern.yml 05-Aug-2023 01:06 1117
proc_creation_win_susp_regsvr32_image.yml 05-Aug-2023 01:06 731
proc_creation_win_susp_regsvr32_no_dll.yml 05-Aug-2023 01:06 1005
proc_creation_win_susp_renamed_dctask64.yml 05-Aug-2023 01:06 917
proc_creation_win_susp_renamed_debugview.yml 05-Aug-2023 01:06 663
proc_creation_win_susp_renamed_paexec.yml 05-Aug-2023 01:06 857
proc_creation_win_susp_rpcping.yml 05-Aug-2023 01:06 1237
proc_creation_win_susp_run_folder.yml 05-Aug-2023 01:06 1217
proc_creation_win_susp_run_locations.yml 05-Aug-2023 01:06 975
proc_creation_win_susp_rundll32_activity.yml 05-Aug-2023 01:06 2344
proc_creation_win_susp_rundll32_by_ordinal.yml 05-Aug-2023 01:06 1221
proc_creation_win_susp_rundll32_inline_vbs.yml 05-Aug-2023 01:06 765
proc_creation_win_susp_rundll32_js_runhtmlappli..> 05-Aug-2023 01:06 776
proc_creation_win_susp_rundll32_keymgr.yml 05-Aug-2023 01:06 655
proc_creation_win_susp_rundll32_no_params.yml 05-Aug-2023 01:06 850
proc_creation_win_susp_rundll32_script_run.yml 05-Aug-2023 01:06 872
proc_creation_win_susp_rundll32_setupapi_instal..> 05-Aug-2023 01:06 1581
proc_creation_win_susp_rundll32_spawn_explorer.yml 05-Aug-2023 01:06 768
proc_creation_win_susp_rundll32_sys.yml 05-Aug-2023 01:06 781
proc_creation_win_susp_rundll32_user32_dll.yml 05-Aug-2023 01:06 868
proc_creation_win_susp_runonce_execution.yml 05-Aug-2023 01:06 848
proc_creation_win_susp_runscripthelper.yml 05-Aug-2023 01:06 711
proc_creation_win_susp_sc_query.yml 05-Aug-2023 01:06 586
proc_creation_win_susp_schtask_creation.yml 05-Aug-2023 01:06 833
proc_creation_win_susp_schtask_creation_temp_fo..> 05-Aug-2023 01:06 847
proc_creation_win_susp_schtasks_disable.yml 05-Aug-2023 01:06 936
proc_creation_win_susp_schtasks_env_folder.yml 05-Aug-2023 01:06 1682
proc_creation_win_susp_schtasks_folder_combos.yml 05-Aug-2023 01:06 924
proc_creation_win_susp_schtasks_parent.yml 05-Aug-2023 01:06 969
proc_creation_win_susp_schtasks_pattern.yml 05-Aug-2023 01:06 1594
proc_creation_win_susp_schtasks_user_temp.yml 05-Aug-2023 01:06 896
proc_creation_win_susp_screenconnect_access.yml 05-Aug-2023 01:06 823
proc_creation_win_susp_screensaver_reg.yml 05-Aug-2023 01:06 1819
proc_creation_win_susp_script_exec_from_env_fol..> 05-Aug-2023 01:06 1387
proc_creation_win_susp_script_exec_from_temp.yml 05-Aug-2023 01:06 1274
proc_creation_win_susp_script_execution.yml 05-Aug-2023 01:06 740
proc_creation_win_susp_service_dacl_modificatio..> 05-Aug-2023 01:06 854
proc_creation_win_susp_service_dir.yml 05-Aug-2023 01:06 993
proc_creation_win_susp_service_modification.yml 05-Aug-2023 01:06 1037
proc_creation_win_susp_service_path_modificatio..> 05-Aug-2023 01:06 815
proc_creation_win_susp_servu_exploitation_cve_2..> 05-Aug-2023 01:06 958
proc_creation_win_susp_servu_process_pattern.yml 05-Aug-2023 01:06 1267
proc_creation_win_susp_sharpview.yml 05-Aug-2023 01:06 5111
proc_creation_win_susp_shell_spawn_by_java.yml 05-Aug-2023 01:06 1310
proc_creation_win_susp_shell_spawn_by_java_keyt..> 05-Aug-2023 01:06 1377
proc_creation_win_susp_shell_spawn_from_mssql.yml 05-Aug-2023 01:06 1048
proc_creation_win_susp_shell_spawn_from_winrm.yml 05-Aug-2023 01:06 893
proc_creation_win_susp_shimcache_flush.yml 05-Aug-2023 01:06 1014
proc_creation_win_susp_shutdown.yml 05-Aug-2023 01:06 712
proc_creation_win_susp_splwow64.yml 05-Aug-2023 01:06 630
proc_creation_win_susp_spoolsv_child_processes.yml 05-Aug-2023 01:06 2467
proc_creation_win_susp_squirrel_lolbin.yml 05-Aug-2023 01:06 1726
proc_creation_win_susp_svchost.yml 05-Aug-2023 01:06 880
proc_creation_win_susp_svchost_no_cli.yml 05-Aug-2023 01:06 1173
proc_creation_win_susp_sysprep_appdata.yml 05-Aug-2023 01:06 819
proc_creation_win_susp_system_user_anomaly.yml 05-Aug-2023 01:06 3087
proc_creation_win_susp_systeminfo.yml 05-Aug-2023 01:06 674
proc_creation_win_susp_sysvol_access.yml 05-Aug-2023 01:06 733
proc_creation_win_susp_takeown.yml 05-Aug-2023 01:06 978
proc_creation_win_susp_target_location_shell32.yml 05-Aug-2023 01:06 878
proc_creation_win_susp_taskkill.yml 05-Aug-2023 01:06 890
proc_creation_win_susp_tasklist_command.yml 05-Aug-2023 01:06 830
proc_creation_win_susp_taskmgr_localsystem.yml 05-Aug-2023 01:06 587
proc_creation_win_susp_taskmgr_parent.yml 05-Aug-2023 01:06 628
proc_creation_win_susp_tracker_execution.yml 05-Aug-2023 01:06 835
proc_creation_win_susp_trolleyexpress_procdump.yml 05-Aug-2023 01:06 1334
proc_creation_win_susp_tscon_localsystem.yml 05-Aug-2023 01:06 911
proc_creation_win_susp_tscon_rdp_redirect.yml 05-Aug-2023 01:06 746
proc_creation_win_susp_uac_bypass_trustedpath.yml 05-Aug-2023 01:06 710
proc_creation_win_susp_use_of_csharp_console.yml 05-Aug-2023 01:06 744
proc_creation_win_susp_use_of_sqlps_bin.yml 05-Aug-2023 01:06 1293
proc_creation_win_susp_use_of_sqltoolsps_bin.yml 05-Aug-2023 01:06 1285
proc_creation_win_susp_use_of_te_bin.yml 05-Aug-2023 01:06 1143
proc_creation_win_susp_use_of_vsjitdebugger_bin..> 05-Aug-2023 01:06 1286
proc_creation_win_susp_userinit_child.yml 05-Aug-2023 01:06 836
proc_creation_win_susp_vaultcmd.yml 05-Aug-2023 01:06 833
proc_creation_win_susp_vboxdrvinst.yml 05-Aug-2023 01:06 1083
proc_creation_win_susp_vbscript_unc2452.yml 05-Aug-2023 01:06 845
proc_creation_win_susp_volsnap_disable.yml 05-Aug-2023 01:06 651
proc_creation_win_susp_web_request_cmd.yml 05-Aug-2023 01:06 1004
proc_creation_win_susp_webdav_client_execution.yml 05-Aug-2023 01:06 1011
proc_creation_win_susp_where_execution.yml 05-Aug-2023 01:06 1313
proc_creation_win_susp_whoami.yml 05-Aug-2023 01:06 872
proc_creation_win_susp_whoami_anomaly.yml 05-Aug-2023 01:06 1367
proc_creation_win_susp_whoami_as_param.yml 05-Aug-2023 01:06 600
proc_creation_win_susp_winrar_dmp.yml 05-Aug-2023 01:06 906
proc_creation_win_susp_winrar_execution.yml 05-Aug-2023 01:06 885
proc_creation_win_susp_winrm_awl_bypass.yml 05-Aug-2023 01:06 1138
proc_creation_win_susp_winrm_execution.yml 05-Aug-2023 01:06 846
proc_creation_win_susp_winzip.yml 05-Aug-2023 01:06 886
proc_creation_win_susp_wmi_execution.yml 05-Aug-2023 01:06 1307
proc_creation_win_susp_wmic_eventconsumer_creat..> 05-Aug-2023 01:06 880
proc_creation_win_susp_wmic_proc_create_rundll3..> 05-Aug-2023 01:06 586
proc_creation_win_susp_wmic_security_product_un..> 05-Aug-2023 01:06 1749
proc_creation_win_susp_workfolders.yml 05-Aug-2023 01:06 822
proc_creation_win_susp_wuauclt.yml 05-Aug-2023 01:06 898
proc_creation_win_susp_wuauclt_cmdline.yml 05-Aug-2023 01:06 701
proc_creation_win_susp_zip_compress.yml 05-Aug-2023 01:06 847
proc_creation_win_susp_zipexec.yml 05-Aug-2023 01:06 939
proc_creation_win_sysinternals_eula_accepted.yml 05-Aug-2023 01:06 753
proc_creation_win_sysinternals_psservice.yml 05-Aug-2023 01:06 727
proc_creation_win_sysmon_driver_unload.yml 05-Aug-2023 01:06 724
proc_creation_win_sysmon_uac_bypass_eventvwr.yml 05-Aug-2023 01:06 987
proc_creation_win_system_exe_anomaly.yml 05-Aug-2023 01:06 2349
proc_creation_win_tap_installer_execution.yml 05-Aug-2023 01:06 561
proc_creation_win_task_folder_evasion.yml 05-Aug-2023 01:06 1155
proc_creation_win_termserv_proc_spawn.yml 05-Aug-2023 01:06 948
proc_creation_win_tool_nircmd.yml 05-Aug-2023 01:06 1274
proc_creation_win_tool_nircmd_as_system.yml 05-Aug-2023 01:06 819
proc_creation_win_tool_nsudo_execution.yml 05-Aug-2023 01:06 1439
proc_creation_win_tool_psexec.yml 05-Aug-2023 01:06 957
proc_creation_win_tool_runx_as_system.yml 05-Aug-2023 01:06 753
proc_creation_win_tools_relay_attacks.yml 05-Aug-2023 01:06 1857
proc_creation_win_tor_browser.yml 05-Aug-2023 01:06 622
proc_creation_win_trust_discovery.yml 05-Aug-2023 01:06 1635
proc_creation_win_uac_bypass_changepk_slui.yml 05-Aug-2023 01:06 862
proc_creation_win_uac_bypass_cleanmgr.yml 05-Aug-2023 01:06 785
proc_creation_win_uac_bypass_cmstp.yml 05-Aug-2023 01:06 1125
proc_creation_win_uac_bypass_computerdefaults.yml 05-Aug-2023 01:06 781
proc_creation_win_uac_bypass_consent_comctl32.yml 05-Aug-2023 01:06 702
proc_creation_win_uac_bypass_dismhost.yml 05-Aug-2023 01:06 716
proc_creation_win_uac_bypass_fodhelper.yml 05-Aug-2023 01:06 903
proc_creation_win_uac_bypass_idiagnostic_profil..> 05-Aug-2023 01:06 763
proc_creation_win_uac_bypass_ieinstal.yml 05-Aug-2023 01:06 720
proc_creation_win_uac_bypass_msconfig_gui.yml 05-Aug-2023 01:06 739
proc_creation_win_uac_bypass_ntfs_reparse_point..> 05-Aug-2023 01:06 1187
proc_creation_win_uac_bypass_pkgmgr_dism.yml 05-Aug-2023 01:06 677
proc_creation_win_uac_bypass_winsat.yml 05-Aug-2023 01:06 766
proc_creation_win_uac_bypass_wmp.yml 05-Aug-2023 01:06 916
proc_creation_win_uac_bypass_wsreset.yml 05-Aug-2023 01:06 810
proc_creation_win_uac_bypass_wsreset_integrity_..> 05-Aug-2023 01:06 782
proc_creation_win_uninstall_crowdstrike_falcon.yml 05-Aug-2023 01:06 814
proc_creation_win_uninstall_sysmon.yml 05-Aug-2023 01:06 761
proc_creation_win_using_sc_to_change_sevice_ima..> 05-Aug-2023 01:06 1004
proc_creation_win_using_sc_to_hide_sevices.yml 05-Aug-2023 01:06 896
proc_creation_win_using_settingsynchost_as_lolb..> 05-Aug-2023 01:06 849
proc_creation_win_verclsid_runs_com.yml 05-Aug-2023 01:06 893
proc_creation_win_vmtoolsd_susp_child_process.yml 05-Aug-2023 01:06 1482
proc_creation_win_vul_java_remote_debugging.yml 05-Aug-2023 01:06 688
proc_creation_win_webshell_detection.yml 05-Aug-2023 01:06 2996
proc_creation_win_webshell_hacking.yml 05-Aug-2023 01:06 2967
proc_creation_win_webshell_recon_detection.yml 05-Aug-2023 01:06 1479
proc_creation_win_webshell_spawn.yml 05-Aug-2023 01:06 1674
proc_creation_win_whoami_as_priv_user.yml 05-Aug-2023 01:06 805
proc_creation_win_whoami_as_system.yml 05-Aug-2023 01:06 922
proc_creation_win_whoami_priv.yml 05-Aug-2023 01:06 897
proc_creation_win_win10_sched_task_0day.yml 05-Aug-2023 01:06 741
proc_creation_win_win_exchange_transportagent.yml 05-Aug-2023 01:06 713
proc_creation_win_winword_dll_load.yml 05-Aug-2023 01:06 660
proc_creation_win_wmi_backdoor_exchange_transpo..> 05-Aug-2023 01:06 690
proc_creation_win_wmi_persistence_script_event_..> 05-Aug-2023 01:06 623
proc_creation_win_wmi_spwns_powershell.yml 05-Aug-2023 01:06 1077
proc_creation_win_wmic_hotfix_enum.yml 05-Aug-2023 01:06 908
proc_creation_win_wmic_reconnaissance.yml 05-Aug-2023 01:06 1065
proc_creation_win_wmic_remote_command.yml 05-Aug-2023 01:06 845
proc_creation_win_wmic_remote_service.yml 05-Aug-2023 01:06 1210
proc_creation_win_wmic_remove_application.yml 05-Aug-2023 01:06 678
proc_creation_win_wmic_service.yml 05-Aug-2023 01:06 796
proc_creation_win_wmic_unquoted_service_search.yml 05-Aug-2023 01:06 1004
proc_creation_win_wmiprvse_spawning_process.yml 05-Aug-2023 01:06 1027
proc_creation_win_workflow_compiler.yml 05-Aug-2023 01:06 1069
proc_creation_win_write_protect_for_storage_dis..> 05-Aug-2023 01:06 837
proc_creation_win_wsreset_uac_bypass.yml 05-Aug-2023 01:06 773
proc_creation_win_xordump.yml 05-Aug-2023 01:06 737
proc_creation_win_xsl_script_processing.yml 05-Aug-2023 01:06 1380