public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 12:42:19 +02:00
Code Issues Projects Releases Wiki Activity

Adding file paths (#416)

Browse Source
This commit is contained in:
ciwen3
2025-01-14 07:12:42 -08:00
committed by GitHub
parent b9a6cd6a87
commit e62749f81a
5 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
yml/OSBinaries/OneDriveStandaloneUpdater.yml
View File

@@ -13,6 +13,8 @@ Commands:
OperatingSystem: Windows 10
Full_Path:
- Path: 'C:\Users\<username>\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe'
- Path: C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe
- Path: C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe
Detection:
- IOC: HKCU\Software\Microsoft\OneDrive\UpdateOfficeConfig\UpdateRingSettingURLFromOC being set to a suspicious non-Microsoft controlled URL
- IOC: Reports of downloading from suspicious URLs in %localappdata%\OneDrive\setup\logs\StandaloneUpdate_*.log files