Scripting/CommandLine Process Spawned Regsvr32 (ab37a6ec-6068-432b-a64e-2c7bf95b1d22)

Detects various command line and scripting engines/processes such as "PowerShell", "Wscript", "Cmd", etc. spawning a "regsvr32" instance.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Scripting/CommandLine Process Spawned Regsvr32 (ab37a6ec-6068-432b-a64e-2c7bf95b1d22)	Sigma-Rules	Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	1
Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab)	Attack Pattern	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	2