I would like to detect malware in this directory: c:\user\"login\AppData\Local\Temp
Could you help me create a custom inventory rule to list all executable files in this directory?

I have found this CIR:
ShellCommandTextReturn(c:\windows\system32\wbem\WMIC.exe datafile WHERE "drive='c:' AND path like '\\users\\%%' AND Extension='exe'" get name)

Thanks in advance
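
An added example, not part of the original post: the WMIC query above filters on the whole \users\ tree, so this PowerShell script limits the listing to each profile's AppData\Local\Temp folder and records a SHA-256 hash and Authenticode status for triage. It assumes profiles live under C:\Users and that it runs elevated; it is plain PowerShell, not KACE rule syntax.

```powershell
# Added example: inventory .exe files in every user profile's Temp folder.
# Assumption: profiles are under C:\Users (adjust $profilesRoot otherwise).
$profilesRoot = 'C:\Users'

$results = foreach ($userDir in Get-ChildItem -LiteralPath $profilesRoot -Directory -Force -ErrorAction SilentlyContinue) {
    $tempDir = Join-Path $userDir.FullName 'AppData\Local\Temp'
    if (-not (Test-Path -LiteralPath $tempDir)) { continue }

    # -Recurse covers installers that unpack into subfolders of Temp;
    # -Force includes hidden and system files.
    Get-ChildItem -LiteralPath $tempDir -Filter '*.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Both calls can fail on locked files; the fields are then left empty.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

            [pscustomobject]@{
                User      = $userDir.Name
                Path      = $_.FullName
                SizeBytes = $_.Length
                Created   = $_.CreationTimeUtc
                Modified  = $_.LastWriteTimeUtc
                SHA256    = $hash.Hash
                Signature = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
                Signer    = $sig.SignerCertificate.Subject   # empty when unsigned
            }
        }
}

# Unsigned or badly signed files first, newest first within each group.
$results |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, @{ Expression = 'Created'; Descending = $true } |
    Format-Table User, Signature, Created, SizeBytes, Path -AutoSize

# One line per file, suitable for capture as text by an inventory tool.
$results | ForEach-Object { '{0};{1};{2}' -f $_.Path, $_.SHA256, $_.Signature }
```

Legitimate installers and updaters also drop executables in Temp, so the signature status and hash are there to separate known software from files that need a closer look.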