From c20f388444e68558ef3f3e6f69f9121dad2432bb Mon Sep 17 00:00:00 2001 From: Wietze Date: Wed, 26 Oct 2022 09:14:27 +0100 Subject: [PATCH] Fixing minor error in description of Explorer, closes #257 --- yml/OSBinaries/Explorer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yml/OSBinaries/Explorer.yml b/yml/OSBinaries/Explorer.yml index 538688b..0cac39e 100644 --- a/yml/OSBinaries/Explorer.yml +++ b/yml/OSBinaries/Explorer.yml @@ -12,7 +12,7 @@ Commands: MitreID: T1202 OperatingSystem: Windows XP, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 - Command: explorer.exe C:\Windows\System32\notepad.exe - Description: Execute calc.exe with the parent process spawning from a new instance of explorer.exe + Description: Execute notepad.exe with the parent process spawning from a new instance of explorer.exe Usecase: Performs execution of specified file with explorer parent process breaking the process tree, can be used for defense evasion. Category: Execute Privileges: User