I would like to detect malware in this directory : c:\user\"login\AppData\Local\Temp
Could you help me for create a custom inventory rule for list all executable files in this directory ?

I have found this CIR :
ShellCommandTextReturn(c:\windows\system32\wbem\WMIC.exe datafile WHERE "drive='c:' AND path like '\\users\\%%' AND Extension='exe'" get name)

Thanks in advance
0 Comments   [ + ] Show Comments


Please log in to comment


Please log in to comment
Answer this question or Comment on this question for clarity
Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja