Commit
AutoUpdate VQL and yara
mgreen27 authored and github-actions[bot] committed Oct 6, 2024
1 parent 1640efd commit 6704316
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions vql/HijackLibsMFT.yaml
@@ -323,6 +323,7 @@ parameters:
prvdmofcomp.dll,Microsoft,\\Windows\\System32|\\Windows\\SysWOW64,\\Windows\\System32\\register-cimprovider\.exe,Sideloading,,https://hijacklibs.net/entries/microsoft/built-in/prvdmofcomp.html
puiapi.dll,Microsoft,\\Windows\\System32|\\Windows\\SysWOW64,\\Windows\\System32\\printui\.exe,Sideloading,,https://hijacklibs.net/entries/microsoft/built-in/puiapi.html
python310.dll,Python,\\Windows\\Program Files( \(x86\))?\\Python310|\\(Users\\[^\\]+|windows\\(System32|SysWOW64)\\config\\systemprofile)\\AppData\\[^\\]+\\Temp\\[^\\]+|\\Windows\\Program Files( \(x86\))?\\DWAgent\\runtime|%USERPROFILE%\\anaconda3,pythonw\.exe|dwagent\.exe,Sideloading,,https://hijacklibs.net/entries/3rd_party/python/python310.html
python311.dll,Python,\\Windows\\Program Files( \(x86\))?\\Python311|\\(Users\\[^\\]+|windows\\(System32|SysWOW64)\\config\\systemprofile)\\AppData\\[^\\]+\\Programs\\Python\\Python311,pythonw\.exe,Sideloading,24385D352B83222DC5AB92FA57B6649854ECD74DE378E279D8AC20A0B3B16009,https://hijacklibs.net/entries/3rd_party/python/python311.html
python39.dll,Python,\\Windows\\Program Files( \(x86\))?\\Python39|\\(Users\\[^\\]+|windows\\(System32|SysWOW64)\\config\\systemprofile)\\AppData\\[^\\]+\\Temp\\[^\\]+|\\Windows\\Program Files( \(x86\))?\\Microsoft Visual Studio\\2022\\Community\\Common7\\IDE\\CommonExtensions\\Microsoft\\VC\\SecurityIssueAnalysis\\python|%USERPROFILE%\\anaconda3,python39\.exe,Sideloading,,https://hijacklibs.net/entries/3rd_party/python/python39.html
qrt.dll,F-Secure,\\Windows\\Program Files( \(x86\))?\\F-Secure\\Anti-Virus,qrtfix\.exe,Sideloading,,https://hijacklibs.net/entries/3rd_party/f-secure/qrt.html
qt5core.dll,Electronic Arts,\\Windows\\Program Files( \(x86\))?\\Electronic Arts\\EA Desktop\\EA Desktop,\\Windows\\Program Files( \(x86\))?\\Electronic Arts\\EA Desktop\\EA Desktop\\EASteamProxy\.exe,Sideloading,4e775b5fafb4e6d89a4694f8694d2b8b540534bd4a52ff42f70095f1c929160e,https://hijacklibs.net/entries/3rd_party/electronicarts/qt5core.html
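Review bot: the hash field on the python311.dll row is upper-case (24385D35...) while the qt5core.dll row in the same hunk carries its hash in lower-case, so the table mixes two casings in one column. If the artifact compares this column against a computed file hash as a plain string, one of the two styles will never match; normalise the casing in the generator that produces this table, or make the comparison case-insensitive. Also worth checking on the python310.dll and python39.dll rows: the path column is otherwise written as a regular expression, but it contains a literal %USERPROFILE%\\anaconda3 alternative. Unless the artifact expands environment variables before matching, that alternative cannot match a real path, and anaconda3 installs under a user profile would be evaluated against the remaining alternatives only. The python311.dll row has no Temp or anaconda3 alternative at all, unlike its two neighbours, so confirm that difference is intended upstream rather than an omission.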