From 8b49ca20544629b88bd819314b690cad1b82b2ac Mon Sep 17 00:00:00 2001
From: eral4m <92914012+eral4m@users.noreply.github.com>
Date: Thu, 21 Oct 2021 10:30:54 +0100
Subject: [PATCH] Update Stordiag.yml
---
 yml/OSBinaries/Stordiag.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/yml/OSBinaries/Stordiag.yml b/yml/OSBinaries/Stordiag.yml
index 576d021..23830b9 100644
--- a/yml/OSBinaries/Stordiag.yml
+++ b/yml/OSBinaries/Stordiag.yml
@@ -16,7 +16,7 @@ Full_Path:
 - Path: c:\windows\system32\stordiag.exe
 - Path: c:\windows\syswow64\stordiag.exe
 Detection:
- - IOC: systeminfo.exe, fltmc.exe or schtasks.exe being executed outside of their normal path of c:\windows\system32\ or c:\windows\syswow64
+ - IOC: systeminfo.exe, fltmc.exe or schtasks.exe being executed outside of their normal path of c:\windows\system32\ or c:\windows\syswow64\
 Resources:
 - Link: https://twitter.com/eral4m/status/1451112385041911809