From 967d88a0fa7f27915be2cca807a35c26b9118edb Mon Sep 17 00:00:00 2001
From: itssixtyn3in <130003354+itssixtyn3in@users.noreply.github.com>
Date: Wed, 11 Jun 2025 11:30:51 -0700
Subject: [PATCH] Update Sqldumper.yml (#439)

---
 yml/OtherMSBinaries/Sqldumper.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/yml/OtherMSBinaries/Sqldumper.yml b/yml/OtherMSBinaries/Sqldumper.yml
index 935bcba..6230e8d 100644
--- a/yml/OtherMSBinaries/Sqldumper.yml
+++ b/yml/OtherMSBinaries/Sqldumper.yml
@@ -21,6 +21,7 @@ Commands:
 Full_Path:
   - Path: C:\Program Files\Microsoft SQL Server\90\Shared\SQLDumper.exe
   - Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis\AS OLEDB\140\SQLDumper.exe
+  - Path: C:\Program Files\Microsoft Power BI Desktop\bin\SqlDumper.exe
 Detection:
   - Sigma: https://github.com/SigmaHQ/sigma/blob/683b63f8184b93c9564c4310d10c571cbe367e1e/rules/windows/process_creation/proc_creation_win_lolbin_susp_sqldumper_activity.yml
   - Elastic: https://github.com/elastic/detection-rules/blob/f6421d8c534f295518a2c945f530e8afc4c8ad1b/rules/windows/credential_access_lsass_memdump_file_created.toml