Regsvr32 Execution From Potential Suspicious Location (9525dc73-0327-438c-8c04-13c0e037e9da)

Detects execution of regsvr32 where the DLL is located in a potentially suspicious location.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	Regsvr32 Execution From Potential Suspicious Location (9525dc73-0327-438c-8c04-13c0e037e9da)	Sigma-Rules	1
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2