Sdiagnhost Calling Suspicious Child Process (f3d39c45-de1a-4486-a687-ab126124f744)

Detects sdiagnhost.exe calling a suspicious child process (e.g. used in exploits for Follina / CVE-2022-30190)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Sdiagnhost Calling Suspicious Child Process (f3d39c45-de1a-4486-a687-ab126124f744) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |
| Sdiagnhost Calling Suspicious Child Process (f3d39c45-de1a-4486-a687-ab126124f744) | Sigma-Rules | Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | 1 |