LoFP / dell power manager (c:\program files\dell\powermanager\dpmpowerplansetup.exe)

Techniques

• t1546
• t1546.003

Sample rules

WMI Persistence - Script Event Consumer File Write

• source: sigma
• technicques:
  • t1546
  • t1546.003

Description

Detects file writes of WMI script event consumer

Detection logic

condition: selection
selection:
  Image: C:\WINDOWS\system32\wbem\scrcons.exe