Potential File Download Via MS-AppInstaller Protocol Handler (180c7c5c-d64b-4a63-86e9-68910451bc8b)

Detects usage of the "ms-appinstaller" protocol handler via the command line to potentially download arbitrary files via AppInstaller.EXE. The downloaded files are temporarily stored in ":\Users\%username%\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\INetCache\".

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Potential File Download Via MS-AppInstaller Protocol Handler (180c7c5c-d64b-4a63-86e9-68910451bc8b) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |