Merge PR #5503 from @ajpc500 - include cmd.exe child process

update: FileFix - Suspicious Child Process from Browser File Upload Abuse - add cmd.exe child process
---------

Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>

rules/windows/process_creation/proc_creation_win_filefix_browsers.yml

@@ -9,6 +9,7 @@ references:
     - https://mrd0x.com/filefix-clickfix-alternative/
 author: 0xFustang
 date: 2025-06-26
+modified: 2025-06-30
 tags:
     - attack.execution
     - attack.t1204.004
@@ -18,17 +19,18 @@ logsource:
 detection:
     selection:
         ParentImage|endswith:
-            - '\chrome.exe'
-            - '\msedge.exe'
-            - '\firefox.exe'
             - '\brave.exe'
+            - '\chrome.exe'
+            - '\firefox.exe'
+            - '\msedge.exe'
         Image|endswith:
+            - '\bitsadmin.exe'
+            - '\certutil.exe'
+            - '\cmd.exe'
+            - '\mshta.exe'
             - '\powershell.exe'
             - '\pwsh.exe'
             - '\regsvr32.exe'
-            - '\bitsadmin.exe'
-            - '\certutil.exe'
-            - '\mshta.exe'
         CommandLine|contains: '#'
     condition: selection
 falsepositives: