LoFP
/
t1037.001
t1037.001
Title
Tags
investigate the contents of the \"userinitmprlogonscript\" value to determine of the added script is legitimate
t1037
t1037.001
windows
sigma
legitimate addition of logon scripts via the command line by administrators or third party tools
t1037
t1037.001
windows
sigma
legitimate logon scripts or custom shells may trigger false positives. apply additional filters accordingly.
t1037
t1037.001
windows
sigma
LoFP
/
t1037.001