From ec76e9e49f32d56711d6f3afd9d6fb48273923d8 Mon Sep 17 00:00:00 2001 From: hegusung <7390383+hegusung@users.noreply.github.com> Date: Sun, 13 Oct 2024 13:07:06 +0200 Subject: [PATCH] Update Explorer.yml Tags Added Tags: - Execute EXE - Input: Custom Format --- yml/OSBinaries/Explorer.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/yml/OSBinaries/Explorer.yml b/yml/OSBinaries/Explorer.yml index 829f2f8..f488534 100644 --- a/yml/OSBinaries/Explorer.yml +++ b/yml/OSBinaries/Explorer.yml @@ -11,6 +11,9 @@ Commands: Privileges: User MitreID: T1202 OperatingSystem: Windows XP, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 + Tags: + - Execute: EXE + - Input: Custom Format - Command: explorer.exe C:\Windows\System32\notepad.exe Description: Execute notepad.exe with the parent process spawning from a new instance of explorer.exe Usecase: Performs execution of specified file with explorer parent process breaking the process tree, can be used for defense evasion. @@ -18,6 +21,9 @@ Commands: Privileges: User MitreID: T1202 OperatingSystem: Windows 10, Windows 11 + Tags: + - Execute: EXE + - Input: Custom Format Full_Path: - Path: C:\Windows\explorer.exe - Path: C:\Windows\SysWOW64\explorer.exe
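Review bot: in the first hunk (`@@ -11,6 +11,9 @@`), the command that receives `Input: Custom Format` lies above the hunk's context, so the tag cannot be checked against that command's argument syntax from this diff. Please say in the commit message what makes the input a custom format for that entry. The message also writes the first tag as `Execute EXE`, while the YAML adds `Execute: EXE`; align the two so the log matches the key/value form that was committed.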
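Review bot: in the second hunk (`@@ -18,6 +21,9 @@`), `Input: Custom Format` is attached to the entry whose command is `explorer.exe C:\Windows\System32\notepad.exe`, which passes a plain file path as its only argument. If that tag is meant for commands with their own argument syntax, drop it from this entry and keep `Execute: EXE`; if a bare path is supposed to count, note the reason in the commit message. The entry's Usecase also speaks of "execution of specified file", so confirm that `Execute: EXE` is not narrower than the behaviour the entry describes, since people filtering on tags to scope detections will rely on it.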