Fixing some paths / adding some paths, this will improve upstream hunting tool efficacy if proper paths are referenced in the yml (#392)

2024-10-22 16:49:11 +02:00 · 2024-09-07 15:07:46 +01:00 · 2024-09-07 15:07:46 +01:00 · cfd827fe6d
commit cfd827fe6d
parent 61bff01584
7 changed files with 175 additions and 163 deletions
--- a/yml/HonorableMentions/GfxDownloadWrapper.yml
+++ b/yml/HonorableMentions/GfxDownloadWrapper.yml
@ -12,162 +12,162 @@ Commands:
    MitreID: T1105
    OperatingSystem: Windows 10
 Full_Path:
-  - Path: c:\windows\system32\driverstore\filerepository\64kb6472.inf_amd64_3daef03bbe98572b\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_0e9c57ae3396e055\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_209bd95d56b1ac2d\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_3fa2a843f8b7f16d\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_85c860f05274baa0\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_f7412e3e3404de80\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_feb9f1cf05b0de58\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_component.inf_amd64_0219cc1c7085a93f\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_component.inf_amd64_df4f60b1cae9b14a\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dc_comp.inf_amd64_16eb18b0e2526e57\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dc_comp.inf_amd64_1c77f1231c19bc72\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dc_comp.inf_amd64_31c60cc38cfcca28\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dc_comp.inf_amd64_82f69cea8b2d928f\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dc_comp.inf_amd64_b4d94f3e41ceb839\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_0606619cc97463de\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_0e95edab338ad669\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_22aac1442d387216\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_2461d914696db722\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_29d727269a34edf5\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_2caf76dbce56546d\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_353320edb98da643\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_4ea0ed0af1507894\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_56a48f4f1c2da7a7\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_64f23fdadb76a511\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_668dd0c6d3f9fa0e\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_6be8e5b7f731a6e5\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_6dad7e4e9a8fa889\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_6df442103a1937a4\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_767e7683f9ad126c\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_8644298f665a12c4\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_868acf86149aef5d\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_92cf9d9d84f1d3db\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_93239c65f222d453\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_9de8154b682af864\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_a7428663aca90897\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_ad7cb5e55a410add\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_afbf41cf8ab202d7\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_d193c96475eaa96e\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_db953c52208ada71\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_e7523682cc7528cc\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_e9f341319ca84274\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_f3a64c75ee4defb7\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_f51939e52b944f4b\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch_comp.inf_amd64_4938423c9b9639d7\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch_comp.inf_amd64_c8e108d4a62c59d5\
-  - Path: c:\windows\system32\driverstore\filerepository\cui_dch_comp.inf_amd64_deecec7d232ced2b\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_01ee1299f4982efe\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_02edfc87000937e4\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_0541b698fc6e40b0\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_0707757077710fff\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_0b3e3ed3ace9602a\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_0cff362f9dff4228\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_16ed7d82b93e4f68\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_1a33d2f73651d989\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_1aca2a92a37fce23\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_1af2dd3e4df5fd61\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_1d571527c7083952\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_23f7302c2b9ee813\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_24de78387e6208e4\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_250db833a1cd577e\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_25e7c5a58c052bc5\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_28d80681d3523b1c\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_2dda3b1147a3a572\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_31ba00ea6900d67d\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_329877a66f240808\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_42af9f4718aa1395\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_4645af5c659ae51a\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_48c2e68e54c92258\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_48e7e903a369eae2\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_491d20003583dabe\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_4b34c18659561116\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_51ce968bf19942c2\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_555cfc07a674ecdd\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_561bd21d54545ed3\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_579a75f602cc2dce\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_57f66a4f0a97f1a3\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_587befb80671fb38\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_62f096fe77e085c0\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_6ae0ddbb4a38e23c\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_6bb02522ea3fdb0d\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_6d34ac0763025a06\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_712b6a0adbaabc0a\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_78b09d9681a2400f\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_842874489af34daa\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_88084eb1fe7cebc3\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_89033455cb08186f\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_8a9535cd18c90bc3\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_8c1fc948b5a01c52\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_9088b61921a6ff9f\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_90f68cd0dc48b625\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_95cb371d046d4b4c\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_a58de0cf5f3e9dca\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_abe9d37302f8b1ae\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_acb3edda7b82982f\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_aebc5a8535dd3184\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_b5d4c82c67b39358\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_b846bbf1e81ea3cf\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_babb2e8b8072ff3b\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_bc75cebf5edbbc50\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_be91293cf20d4372\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_c11f4d5f0bc4c592\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_c4e5173126d31cf0\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_c4f600ffe34acc7b\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_c8634ed19e331cda\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_c9081e50bcffa972\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_ceddadac8a2b489e\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_d4406f0ad6ec2581\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_d5877a2e0e6374b6\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_d8ca5f86add535ef\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_e8abe176c7b553b5\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_eabb3ac2c517211f\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_f8d8be8fea71e1a0\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_fe5e116bb07c0629\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_fe73d2ebaa05fb95\
-  - Path: c:\windows\system32\driverstore\filerepository\igdlh64_kbl_kit127397.inf_amd64_e1da8ee9e92ccadb\
-  - Path: c:\windows\system32\driverstore\filerepository\k127153.inf_amd64_364f43f2a27f7bd7\
-  - Path: c:\windows\system32\driverstore\filerepository\k127153.inf_amd64_3f3936d8dec668b8\
-  - Path: c:\windows\system32\driverstore\filerepository\k127793.inf_amd64_3ab7883eddccbf0f\
-  - Path: c:\windows\system32\driverstore\filerepository\ki129523.inf_amd64_32947eecf8f3e231\
-  - Path: c:\windows\system32\driverstore\filerepository\ki126950.inf_amd64_fa7f56314967630d\
-  - Path: c:\windows\system32\driverstore\filerepository\ki126951.inf_amd64_94804e3918169543\
-  - Path: c:\windows\system32\driverstore\filerepository\ki126973.inf_amd64_06dde156632145e3\
-  - Path: c:\windows\system32\driverstore\filerepository\ki126974.inf_amd64_9168fc04b8275db9\
-  - Path: c:\windows\system32\driverstore\filerepository\ki127005.inf_amd64_753576c4406c1193\
-  - Path: c:\windows\system32\driverstore\filerepository\ki127018.inf_amd64_0f67ff47e9e30716\
-  - Path: c:\windows\system32\driverstore\filerepository\ki127021.inf_amd64_0d68af55c12c7c17\
-  - Path: c:\windows\system32\driverstore\filerepository\ki127171.inf_amd64_368f8c7337214025\
-  - Path: c:\windows\system32\driverstore\filerepository\ki127176.inf_amd64_86c658cabfb17c9c\
-  - Path: c:\windows\system32\driverstore\filerepository\ki127390.inf_amd64_e1ccb879ece8f084\
-  - Path: c:\windows\system32\driverstore\filerepository\ki127678.inf_amd64_8427d3a09f47dfc1\
-  - Path: c:\windows\system32\driverstore\filerepository\ki127727.inf_amd64_cf8e31692f82192e\
-  - Path: c:\windows\system32\driverstore\filerepository\ki127807.inf_amd64_fc915899816dbc5d\
-  - Path: c:\windows\system32\driverstore\filerepository\ki127850.inf_amd64_6ad8d99023b59fd5\
-  - Path: c:\windows\system32\driverstore\filerepository\ki128602.inf_amd64_6ff790822fd674ab\
-  - Path: c:\windows\system32\driverstore\filerepository\ki128916.inf_amd64_3509e1eb83b83cfb\
-  - Path: c:\windows\system32\driverstore\filerepository\ki129407.inf_amd64_f26f36ac54ce3076\
-  - Path: c:\windows\system32\driverstore\filerepository\ki129633.inf_amd64_d9b8af875f664a8c\
-  - Path: c:\windows\system32\driverstore\filerepository\ki129866.inf_amd64_e7cdca9882c16f55\
-  - Path: c:\windows\system32\driverstore\filerepository\ki130274.inf_amd64_bafd2440fa1ffdd6\
-  - Path: c:\windows\system32\driverstore\filerepository\ki130350.inf_amd64_696b7c6764071b63\
-  - Path: c:\windows\system32\driverstore\filerepository\ki130409.inf_amd64_0d8d61270dfb4560\
-  - Path: c:\windows\system32\driverstore\filerepository\ki130471.inf_amd64_26ad6921447aa568\
-  - Path: c:\windows\system32\driverstore\filerepository\ki130624.inf_amd64_d85487143eec5e1a\
-  - Path: c:\windows\system32\driverstore\filerepository\ki130825.inf_amd64_ee3ba427c553f15f\
-  - Path: c:\windows\system32\driverstore\filerepository\ki130871.inf_amd64_382f7c369d4bf777\
-  - Path: c:\windows\system32\driverstore\filerepository\ki131064.inf_amd64_5d13f27a9a9843fa\
-  - Path: c:\windows\system32\driverstore\filerepository\ki131176.inf_amd64_fb4fe914575fdd15\
-  - Path: c:\windows\system32\driverstore\filerepository\ki131191.inf_amd64_d668106cb6f2eae0\
-  - Path: c:\windows\system32\driverstore\filerepository\ki131622.inf_amd64_0058d71ace34db73\
-  - Path: c:\windows\system32\driverstore\filerepository\ki132032.inf_amd64_f29660d80998e019\
-  - Path: c:\windows\system32\driverstore\filerepository\ki132337.inf_amd64_223d6831ffa64ab1\
-  - Path: c:\windows\system32\driverstore\filerepository\ki132535.inf_amd64_7875dff189ab2fa2\
-  - Path: c:\windows\system32\driverstore\filerepository\ki132544.inf_amd64_b8c1f31373153db4\
-  - Path: c:\windows\system32\driverstore\filerepository\ki132574.inf_amd64_54c9b905b975ee55\
-  - Path: c:\windows\system32\driverstore\filerepository\ki132869.inf_amd64_052eb72d070df60f\
-  - Path: c:\windows\system32\driverstore\filerepository\kit126731.inf_amd64_1905c9d5f38631d9\
+  - Path: c:\windows\system32\driverstore\filerepository\64kb6472.inf_amd64_3daef03bbe98572b\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_0e9c57ae3396e055\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_209bd95d56b1ac2d\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_3fa2a843f8b7f16d\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_85c860f05274baa0\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_f7412e3e3404de80\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_comp.inf_amd64_feb9f1cf05b0de58\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_component.inf_amd64_0219cc1c7085a93f\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_component.inf_amd64_df4f60b1cae9b14a\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dc_comp.inf_amd64_16eb18b0e2526e57\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dc_comp.inf_amd64_1c77f1231c19bc72\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dc_comp.inf_amd64_31c60cc38cfcca28\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dc_comp.inf_amd64_82f69cea8b2d928f\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dc_comp.inf_amd64_b4d94f3e41ceb839\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_0606619cc97463de\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_0e95edab338ad669\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_22aac1442d387216\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_2461d914696db722\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_29d727269a34edf5\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_2caf76dbce56546d\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_353320edb98da643\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_4ea0ed0af1507894\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_56a48f4f1c2da7a7\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_64f23fdadb76a511\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_668dd0c6d3f9fa0e\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_6be8e5b7f731a6e5\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_6dad7e4e9a8fa889\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_6df442103a1937a4\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_767e7683f9ad126c\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_8644298f665a12c4\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_868acf86149aef5d\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_92cf9d9d84f1d3db\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_93239c65f222d453\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_9de8154b682af864\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_a7428663aca90897\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_ad7cb5e55a410add\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_afbf41cf8ab202d7\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_d193c96475eaa96e\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_db953c52208ada71\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_e7523682cc7528cc\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_e9f341319ca84274\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_f3a64c75ee4defb7\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_f51939e52b944f4b\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch_comp.inf_amd64_4938423c9b9639d7\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch_comp.inf_amd64_c8e108d4a62c59d5\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\cui_dch_comp.inf_amd64_deecec7d232ced2b\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_01ee1299f4982efe\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_02edfc87000937e4\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_0541b698fc6e40b0\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_0707757077710fff\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_0b3e3ed3ace9602a\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_0cff362f9dff4228\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_16ed7d82b93e4f68\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_1a33d2f73651d989\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_1aca2a92a37fce23\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_1af2dd3e4df5fd61\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_1d571527c7083952\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_23f7302c2b9ee813\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_24de78387e6208e4\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_250db833a1cd577e\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_25e7c5a58c052bc5\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_28d80681d3523b1c\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_2dda3b1147a3a572\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_31ba00ea6900d67d\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_329877a66f240808\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_42af9f4718aa1395\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_4645af5c659ae51a\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_48c2e68e54c92258\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_48e7e903a369eae2\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_491d20003583dabe\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_4b34c18659561116\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_51ce968bf19942c2\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_555cfc07a674ecdd\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_561bd21d54545ed3\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_579a75f602cc2dce\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_57f66a4f0a97f1a3\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_587befb80671fb38\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_62f096fe77e085c0\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_6ae0ddbb4a38e23c\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_6bb02522ea3fdb0d\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_6d34ac0763025a06\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_712b6a0adbaabc0a\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_78b09d9681a2400f\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_842874489af34daa\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_88084eb1fe7cebc3\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_89033455cb08186f\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_8a9535cd18c90bc3\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_8c1fc948b5a01c52\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_9088b61921a6ff9f\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_90f68cd0dc48b625\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_95cb371d046d4b4c\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_a58de0cf5f3e9dca\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_abe9d37302f8b1ae\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_acb3edda7b82982f\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_aebc5a8535dd3184\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_b5d4c82c67b39358\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_b846bbf1e81ea3cf\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_babb2e8b8072ff3b\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_bc75cebf5edbbc50\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_be91293cf20d4372\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_c11f4d5f0bc4c592\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_c4e5173126d31cf0\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_c4f600ffe34acc7b\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_c8634ed19e331cda\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_c9081e50bcffa972\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_ceddadac8a2b489e\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_d4406f0ad6ec2581\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_d5877a2e0e6374b6\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_d8ca5f86add535ef\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_e8abe176c7b553b5\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_eabb3ac2c517211f\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_f8d8be8fea71e1a0\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_fe5e116bb07c0629\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64.inf_amd64_fe73d2ebaa05fb95\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\igdlh64_kbl_kit127397.inf_amd64_e1da8ee9e92ccadb\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\k127153.inf_amd64_364f43f2a27f7bd7\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\k127153.inf_amd64_3f3936d8dec668b8\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\k127793.inf_amd64_3ab7883eddccbf0f\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki129523.inf_amd64_32947eecf8f3e231\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki126950.inf_amd64_fa7f56314967630d\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki126951.inf_amd64_94804e3918169543\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki126973.inf_amd64_06dde156632145e3\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki126974.inf_amd64_9168fc04b8275db9\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki127005.inf_amd64_753576c4406c1193\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki127018.inf_amd64_0f67ff47e9e30716\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki127021.inf_amd64_0d68af55c12c7c17\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki127171.inf_amd64_368f8c7337214025\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki127176.inf_amd64_86c658cabfb17c9c\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki127390.inf_amd64_e1ccb879ece8f084\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki127678.inf_amd64_8427d3a09f47dfc1\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki127727.inf_amd64_cf8e31692f82192e\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki127807.inf_amd64_fc915899816dbc5d\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki127850.inf_amd64_6ad8d99023b59fd5\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki128602.inf_amd64_6ff790822fd674ab\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki128916.inf_amd64_3509e1eb83b83cfb\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki129407.inf_amd64_f26f36ac54ce3076\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki129633.inf_amd64_d9b8af875f664a8c\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki129866.inf_amd64_e7cdca9882c16f55\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki130274.inf_amd64_bafd2440fa1ffdd6\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki130350.inf_amd64_696b7c6764071b63\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki130409.inf_amd64_0d8d61270dfb4560\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki130471.inf_amd64_26ad6921447aa568\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki130624.inf_amd64_d85487143eec5e1a\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki130825.inf_amd64_ee3ba427c553f15f\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki130871.inf_amd64_382f7c369d4bf777\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki131064.inf_amd64_5d13f27a9a9843fa\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki131176.inf_amd64_fb4fe914575fdd15\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki131191.inf_amd64_d668106cb6f2eae0\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki131622.inf_amd64_0058d71ace34db73\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki132032.inf_amd64_f29660d80998e019\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki132337.inf_amd64_223d6831ffa64ab1\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki132535.inf_amd64_7875dff189ab2fa2\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki132544.inf_amd64_b8c1f31373153db4\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki132574.inf_amd64_54c9b905b975ee55\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\ki132869.inf_amd64_052eb72d070df60f\GfxDownloadWrapper.exe
+  - Path: c:\windows\system32\driverstore\filerepository\kit126731.inf_amd64_1905c9d5f38631d9\GfxDownloadWrapper.exe
 Detection:
  - Sigma: https://github.com/SigmaHQ/sigma/blob/62d4fd26b05f4d81973e7c8e80d7c1a0c6a29d0e/rules/windows/process_creation/proc_creation_win_lolbin_gfxdownloadwrapper_file_download.yml
  - IOC: Usually GfxDownloadWrapper downloads a JSON file from https://gameplayapi.intel.com.
--- a/yml/OSBinaries/Addinutil.yml
+++ b/yml/OSBinaries/Addinutil.yml
@ -14,6 +14,8 @@ Commands:
 Full_Path:
  - Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddinUtil.exe
  - Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddinUtil.exe
+  - Path: C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+  - Path: C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe
 Code_Sample:
  - Code: https://gist.github.com/SILJAEUROPA/a850d476179d73df230a876944e9f3b1#file-addins-store
 Detection:
--- a/yml/OSBinaries/Csc.yml
+++ b/yml/OSBinaries/Csc.yml
@ -21,6 +21,10 @@ Commands:
 Full_Path:
  - Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe
  - Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Csc.exe
+  - Path: C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe
+  - Path: C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe
+  - Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+  - Path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
 Code_Sample:
  - Code:
 Detection:
--- a/yml/OSBinaries/Ngen.yml
+++ b/yml/OSBinaries/Ngen.yml
@ -14,10 +14,10 @@ Commands:
    Tags:
      - Download: INetCache
 Full_Path:
-  - Path: C:\Windows\Microsoft.NET\Framework\v2.0.xxx\ngen.exe
-  - Path: C:\Windows\Microsoft.NET\Framework64\v2.0.xxx\ngen.exe
-  - Path: C:\Windows\Microsoft.NET\Framework\v4.0.xxx\ngen.exe
-  - Path: C:\Windows\Microsoft.NET\Framework64\v4.0.xxx\ngen.exe
+  - Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+  - Path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe
+  - Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
+  - Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
 Acknowledgement:
  - Person: Avihay Eldad
    Handle: '@AvihayEldad'
--- a/yml/OSBinaries/Regsvcs.yml
+++ b/yml/OSBinaries/Regsvcs.yml
@ -25,8 +25,10 @@ Commands:
      - Execute: DLL
      - Input: Custom Format
 Full_Path:
-  - Path: c:\Windows\Microsoft.NET\Framework\v*\regsvcs.exe
-  - Path: c:\Windows\Microsoft.NET\Framework64\v*\regsvcs.exe
+  - Path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe
+  - Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
+  - Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+  - Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
 Detection:
  - Sigma: https://github.com/SigmaHQ/sigma/blob/6312dd1d44d309608552105c334948f793e89f48/rules/windows/process_creation/proc_creation_win_lolbin_regasm.yml
  - Elastic: https://github.com/elastic/detection-rules/blob/12577f7380f324fcee06dab3218582f4a11833e7/rules/windows/execution_register_server_program_connecting_to_the_internet.toml
--- a/yml/OSBinaries/Vbc.yml
+++ b/yml/OSBinaries/Vbc.yml
@ -23,8 +23,12 @@ Commands:
    Tags:
      - Execute: WSH
 Full_Path:
+  - Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+  - Path: C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe
+  - Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  - Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
  - Path: C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe
+  - Path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe
 Code_Sample:
  - Code:
 Detection:
--- a/yml/OtherMSBinaries/Agentexecutor.yml
+++ b/yml/OtherMSBinaries/Agentexecutor.yml
@ -19,7 +19,7 @@ Commands:
    MitreID: T1218
    OperatingSystem: Windows 10
 Full_Path:
-  - Path: C:\Program Files (x86)\Microsoft Intune Management Extension
+  - Path: C:\Program Files (x86)\Microsoft Intune Management Extension\AgentExecutor.exe
 Code_Sample:
  - Code:
 Detection: