Micah Babinski
2952d630a4
Merge PR #5774 from @mbabinski - Added rules related to ArcGIS Server Object Extension abuse
...
new: Suspicious File Created by ArcSOC.exe
new: Suspicious ArcSOC.exe Child Process
---------
Co-authored-by: Nasreddine Bencherchali <monsteroffire2@gmail.com>
2025-12-21 18:07:30 +01:00
phantinuss
da971a6f28
Merge PR #5809 from @phantinuss - bump evtx-baseline version to 0.8.3
...
chore: bump evtx-baseline version to 0.8.3
2025-12-21 18:02:45 +01:00
github-actions[bot]
6d581764e7
Merge PR #5806 from @nasbench - Archive New Rule References
...
chore: archive new rule references and update cache file
---------
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2025-12-15 16:42:14 +01:00
Swachchhanda Shrawan Poudel
685194383b
Merge PR #5804 from @swachchhanda000 - enhance rules related with file download from file sharing websites
...
update: Suspicious Remote AppX Package Locations - add github.com
update: BITS Transfer Job Download From File Sharing Domains - add github.com
update: Suspicious File Download From File Sharing Websites - File Stream - add github.com
update: Unusual File Download From File Sharing Websites - File Stream - add github.com
update: Network Communication Initiated To File Sharing Domains From Process Located In Suspicious Folder - add github.com
update: Network Connection Initiated From Process Located In Potentially Suspicious Or Uncommon Location - add github.com
update: Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE - add github.com
update: Suspicious File Download From File Sharing Domain Via Curl.EXE - add github.com
update: Suspicious File Download From File Sharing Domain Via Wget.EXE - add github.com
2025-12-12 08:04:27 +05:45
Swachchhanda Shrawan Poudel
c5b881019a
Merge PR #5777 from @swachchhanda000 - feat: more edrfreeze rules
...
new: WerFaultSecure Loading DbgCore or DbgHelp - EDR-Freeze
new: Suspicious Loading of Dbgcore/Dbghelp DLLs from Uncommon Location
new: Suspicious Process Access to LSASS with Dbgcore/Dbghelp DLLs
new: Suspicious Process Access of MsMpEng by WerFaultSecure - EDR-Freeze
update: Hacktool - EDR-Freeze Execution - add more coverage
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2025-12-10 15:29:38 +01:00
Toheeb Ajala Husain
cce4545c10
Merge PR #5801 from @toheeb-orelope - add Invoke-DNSExfiltrator
...
update: Malicious PowerShell Scripts - FileCreation - add Invoke-DNSExfiltrator
update: Malicious PowerShell Scripts - PoshModule - add Invoke-DNSExfiltrator
update: Malicious PowerShell Commandlets - PoshModule - add Invoke-DNSExfiltrator
update: Malicious PowerShell Commandlets - ScriptBlock - add Invoke-DNSExfiltrator
update: Malicious PowerShell Commandlets - ProcessCreation - add Invoke-DNSExfiltrator
---------
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
2025-12-10 15:15:19 +01:00
Swachchhanda Shrawan Poudel
6af6ad8ef7
Merge PR #5803 from @swachchhanda000 - chore: ci: regression test id consistency check
...
chore: ci: regression test id consistency check
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2025-12-10 09:57:22 +01:00
Swachchhanda Shrawan Poudel
13aae8c1ea
Merge PR #5795 from @swachchhanda000 - Add new rules for CVE-2025-55182 / React2Shell
...
new: Windows Suspicious Child Process From Node.js - React2Shell
new: Linux Suspicious Child Process From Node.js - React2Shell
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2025-12-10 03:13:14 +01:00
Nasreddine Bencherchali
cf3cbf8089
Merge PR #5799 from @nasbench - Update logic to use errorCode instead for better mapping and accuracy
...
update: Potential Malicious Usage of CloudTrail System Manager - Update logic to use errorCode instead for better mapping and accuracy
2025-12-09 10:17:50 +01:00
Swachchhanda Shrawan Poudel
f05a8c4d94
Merge PR #5788 from @swachchhanda000 - Recon via RDP Logging Event
...
update: Potentially Suspicious EventLog Recon Activity Using Log Query Utilities - add more interesting event ids
---------
Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>
2025-12-09 08:48:59 +05:45
Swachchhanda Shrawan Poudel
f7f61a9f95
Merge PR #5789 from @swachchhanda000 - Add fps filter observed on ARM-based Windows updates
...
fix: Uncommon AppX Package Locations - filter out system32
fix: Unauthorized System Time Modification - filter out vmwaretools
fix: Files With System Process Name In Unsuspected Locations - filter windows temp
fix: Startup Folder File Write - filter out wuauclt.exe and C:$WinREAgent\Scratch\Mount\ directory
fix: Potentially Suspicious WDAC Policy File Creation - filter wuaucltcore.exe
fix: Creation of WerFault.exe/Wer.dll in Unusual Folder - filter C:\Windows\UUS\arm64\
fix: Potentially Suspicious Volume Shadow Copy Vsstrace.dll Load - filter C:$WinREAgent\Scratch\
fix: Potential System DLL Sideloading From Non System Locations - filter legitimate ARM based locations
fix: Potential Defense Evasion Via Raw Disk Access By Uncommon Tools - filter legitimate ARM based locations
---------
Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>
2025-12-09 08:29:51 +05:45
Swachchhanda Shrawan Poudel
f58b44eb16
Merge #5798 from @swachchhanda000 - fix: aurora fps
...
fix: Rare Remote Thread Creation By Uncommon Source Image - filter provtool system
fix: Load Of RstrtMgr.DLL By An Uncommon Process - filter OneDriveStandaloneUpdater.exe
fix: Wow6432Node CurrentVersion Autorun Keys Modification - filter null Details
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2025-12-09 08:21:14 +05:45
Swachchhanda Shrawan Poudel
57c71b3b8a
Merge PR #5778 from @swachchhanda000 - fix: add some filters or tune rules to reduce false positives
...
fix: Suspicious desktop.ini Action - filter onedrive
fix: CredUI.DLL Loaded By Uncommon Process - filter systemapps
update: Renamed Office Binary Execution - add olk.exe matching on Microsoft Outlook
2025-12-09 08:15:03 +05:45
Niicolaa
ed2650a0eb
Merge PR #5791 from @Niicolaa - fix: add correct osascript path
...
fix: GUI Input Capture - macOS - remove osascript wrong path
---------
Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
2025-12-09 08:03:04 +05:45
Nasreddine Bencherchali
5656c48a97
Merge PR #5793 from @nasbench - Rename Auditd Folder Entries and update SYSCALL field
...
chore: rename auditd folders and others
update: Audio Capture - Updated syscall field to SYSCALL in order to make use of enriched logs
update: ASLR Disabled Via Sysctl or Direct Syscall - Linux - Updated syscall field to SYSCALL in order to make use of enriched logs
update: Clear or Disable Kernel Ring Buffer Logs via Syslog Syscall - Updated syscall field to SYSCALL in order to make use of enriched logs
update: System Info Discovery via Sysinfo Syscall - Updated syscall field to SYSCALL in order to make use of enriched logs
update: Special File Creation via Mknod Syscall - Updated syscall field to SYSCALL in order to make use of enriched logs
update: Webshell Remote Command Execution - Updated syscall field to SYSCALL in order to make use of enriched logs
2025-12-08 16:03:55 +01:00
skaynum
0490e31eb5
Merge PR #5674 from @skaynum - Add HTML File Opened From Download Folder
...
new: HTML File Opened From Download Folder
---------
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <monsteroffire2@gmail.com>
2025-12-05 01:22:04 +01:00
Koifman
0aa29891df
Merge PR #5782 from @Koifman - Add Github Self-Hosted Runner Execution
...
new: Github Self-Hosted Runner Execution
---------
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <monsteroffire2@gmail.com>
2025-12-04 00:55:53 +01:00
Álex
d9c93074d4
Merge PR #5785 from @RiqTam - Update Certutil download rules
...
update: Suspicious Download Via Certutil.EXE - add URL flag related with GUI-based download
update: Suspicious File Downloaded From File-Sharing Website Via Certutil.EXE - add URL flag related with GUI-based download
update: Suspicious File Downloaded From Direct IP Via Certutil.EXE - add URL flag related with GUI-based download
---------
Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
2025-12-03 11:57:45 +05:45
frack113
8e1b7815bb
Merge PR #5784 from @frack113 - Fix setup-python version in workflows
...
chore: fix setup-python version in the workflow
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: nasbench <monsteroffire2@gmail.com>
2025-12-02 11:29:54 +01:00
github-actions[bot]
58f6aa51e5
Merge PR #5783 from @phantinuss - Update ATT&CK Heatmap Coverage
...
chore: update ATT&CK heatmap
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2025-12-01 16:56:17 +01:00
suKTech24
3565dee3eb
Merge PR #5536 from @suKTech24 - Add AWS GuardDuty Detector Deleted Or Updated
...
new: AWS GuardDuty Detector Deleted Or Updated
---------
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
r2025-12-01
2025-11-28 10:33:03 +01:00
Swachchhanda Shrawan Poudel
0a6d929974
Merge PR #5482 from @swachchhanda000 - Update Suspicious Copy From or To System Directory
...
update: Suspicious Copy From or To System Directory - Update selection to use regex for better accuracy
update: LOL-Binary Copied From System Directory - Add ie4uinit.exe
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2025-11-27 23:44:35 +01:00
Swachchhanda Shrawan Poudel
1821bcbb00
Merge PR #5475 from @swachchhanda000 - Add Renamed Schtasks Execution
...
new: Renamed Schtasks Execution
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2025-11-27 23:19:13 +01:00
Swachchhanda Shrawan Poudel
3e9318e23f
Merge PR #5763 from @swachchhanda000 - Update ClickFix/FileFix related rules
...
removed: FileFix - Suspicious Child Process from Browser File Upload Abuse - Deprecated in favor of b5b29e4e-31fa-4fdf-b058-296e7a1aa0c2
new: DNS Query by Finger Utility
new: Network Connection Initiated via Finger.EXE
fix: Suspicious Explorer Process with Whitespace Padding - ClickFix/FileFix - Fix selection to use ParentImage instead of Image field
new: Suspicious FileFix Execution Pattern
update: FileFix - Command Evidence in TypedPaths - Added more markers
update: Potential ClickFix Execution Pattern - Registry - Add 2 new strings, "finger" and "identification"
chore: Update "test_rules.py" filename test with better output formatting
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: nasbench <monsteroffire2@gmail.com>
2025-11-27 23:00:25 +01:00
YxinMiracle
238e6f070f
Merge PR #5707 from @YxinMiracle - Add Grixba Malware Reconnaissance Activity
...
new: Grixba Malware Reconnaissance Activity
---------
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2025-11-27 22:36:53 +01:00
phantinuss
3cbce7d48c
Merge PR #5776 from @phantinuss - bump validator version 0.20
...
chore: bump validator version 0.20
2025-11-26 19:07:10 +01:00
Chris
b09cbc3083
Merge PR #5724 from @darses - update DNS Query to External Service Interaction Domains
...
update: DNS Query to External Service Interaction Domains - add additional domains and filters
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2025-11-26 11:52:21 +01:00
Swachchhanda Shrawan Poudel
c141859b83
Merge PR #5775 from @swachchhanda000 - Restructure regression testing data directory
...
chore: restructure regression testing data directory
2025-11-26 11:08:11 +01:00
Seth Hanford
5f57f9e816
Merge PR #5766 from @SethHanford - Update Potential Container Discovery Via Inodes Listing
...
update: Potential Container Discovery Via Inodes Listing - replace contains globbing with more correct patterns using regex
---------
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <monsteroffire2@gmail.com>
2025-11-25 16:29:32 +01:00
EzLucky
66e091c08c
Merge PR #5770 from @EzLucky - Update MITRE Attack mapping for Linux Capabilities Discovery
...
chore: update mitre att&ck tag
---------
Co-authored-by: nasbench <monsteroffire2@gmail.com>
2025-11-25 16:23:51 +01:00
Nasreddine Bencherchali
2cb7375c6b
Merge PR #5719 from @nasbench - Add regression test CI, data and simulation links
...
update: Cred Dump Tools Dropped Files - Add procdump.exe and procdump64a.exe
update: File Download From Browser Process Via Inline URL - Enhance selection by splitting CLI markers for better matching
update: Tor Client/Browser Execution - Add additional PE metadata markers
update: System Information Discovery via Registry Queries - Enhance registry markers
update: PUA - AdFind Suspicious Execution - Add -sc to dclist string for more accurate coverage.
fix: Removal Of Index Value to Hide Schedule Task - Registry - Remove EventType condition that broke the rule.
fix: Removal Of SD Value to Hide Schedule Task - Registry - Remove EventType condition that broke the rule.
fix: Creation of a Local Hidden User Account by Registry - Fix the TargetObject value
fix: Potential Persistence Via New AMSI Providers - Registry - Change logsource and fix the rule logic
fix: Potential COM Object Hijacking Via TreatAs Subkey - Registry - Change logsource and fix the rule logic
fix: Potential Persistence Via Logon Scripts - Registry - Fix incorrect logsource
fix: PUA - Sysinternal Tool Execution - Registry - Fix incorrect logsource
fix: Suspicious Execution Of Renamed Sysinternals Tools - Registry - Fix incorrect logsource
fix: PUA - Sysinternals Tools Execution - Registry - Fix incorrect logsource
chore: add CI script for regression
chore: add regression data
---------
Co-authored-by: swachchhanda000 <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2025-11-25 16:00:53 +01:00
Jonathan Beierle
23a375bfa6
Merge PR #5762 from @HullaBrian - Unsigned .node File Load
...
new: Unsigned .node File Loaded
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
2025-11-25 17:48:05 +05:45
Kostas
5a2885c310
Merge PR #5627 from @tsale - Filename with Embedded Base64 Commands
...
new: Suspicious Filename with Embedded Base64 Commands
new: Potentially Suspicious Long Filename Pattern - Linux
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: swachchhanda000 <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: nasbench <8741929+nasbench@users.noreply.github.com>
2025-11-24 15:33:42 +01:00
Nasreddine Bencherchali
9d58e38bbc
Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field
...
remove: Space After Filename - Logic was incorrect and untested
update: Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - Update selection
update: JexBoss Command Sequence - Update the selection to use the |all modifier.
chore: remove any usage of the fields field to prepare for deprecation in the spec.
2025-11-24 09:54:29 +01:00
JasonPhang98
bbbfb67ab0
Merge PR #5669 from @JasonPhang98 - Extend Atomic MacOS Stealer - FileGrabber Rules
...
remove: Atomic MacOS Stealer - FileGrabber Infostealer Execution - deprecate in favor of e710a880-1f18-4417-b6a0-b5afdf7e33da
new: Atomic MacOS Stealer - Persistence Indicators
new: Atomic MacOS Stealer - FileGrabber Activity
---------
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2025-11-24 08:37:52 +05:45
Swachchhanda Shrawan Poudel
37024247ae
Merge PR #5761 from @swachchhanda000 - feat: Suspicious Kerberos ticket request via CLI
...
update: Suspicious Kerberos Ticket Request via PowerShell Script - ScriptBlock - Add the "GetRequest()" string
new: Suspicious Kerberos Ticket Request via CLI
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>
2025-11-23 21:12:40 +05:45
IntelScott
0d7658fb3a
Merge PR #5717 from @tropChaud - Add and Enhance Windows Default Domain GPO & RDP Tampering Rules
...
new: Windows Default Domain GPO Modification
new: Windows Default Domain GPO Modification via GPME
update: Potential Tampering With RDP Related Registry Keys Via Reg.EXE - Add coverage for SecurityLayer value
update: RDP Sensitive Settings Changed - Add coverage for SecurityLayer value
---------
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2025-11-23 20:36:08 +05:45
Swachchhanda Shrawan Poudel
5121401b01
Merge PR #5652 from @swachchhanda000 - Abuse of WerFaultSecure for PPL Tampering
...
new: HackTool - WSASS Execution
update: System File Execution Location Anomaly - add Windows error reporting binaries
update: PPL Tampering Via WerFaultSecure - Rename and update metadata
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>
2025-11-23 20:00:17 +05:45
Javier Bruno
8c50909141
Merge PR #5746 from @deftoner - improve logsource format
...
chore: DNS Query To Visual Studio Code Tunnels Domain - improve logsource format
2025-11-21 12:13:42 +01:00
Swachchhanda Shrawan Poudel
f448a13ce7
Merge PR #5591 from @swachchhanda000 - Registry Modifications through VBScripts
...
new: Registry Modification Attempt Via VBScript - PowerShell
new: Registry Modification Attempt Via VBScript
new: Registry Tampering by Potentially Suspicious Processes
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2025-11-21 11:54:19 +01:00
Koifman
1da888c779
Merge PR #5725 from @Koifman - RDP Enable or Disable via Win32_TerminalServiceSetting WMI Class
...
new: RDP Enable or Disable via Win32_TerminalServiceSetting WMI Class
---------
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
Co-authored-by: swachchhanda000 <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
2025-11-21 10:26:45 +01:00
montysecurity
4ac67452f1
Merge PR #5218 from @montysecurity - Suspicious ClickFix/FileFix Execution Pattern
...
new: Suspicious ClickFix/FileFix Execution Pattern
---------
Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>
Co-authored-by: swachchhanda000 <87493836+swachchhanda000@users.noreply.github.com>
2025-11-21 13:53:59 +05:45
Swachchhanda Shrawan Poudel
64ba98e044
Merge PR #5662 from @swachchhanda000 - Cisco ASA/FP SSL VPN Exploit (CVE-2025-20333 / CVE-2025-20362)
...
new: Cisco ASA/FP SSL VPN Exploit (CVE-2025-20333 / CVE-2025-20362) - Proxy
---------
Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>
2025-11-21 13:06:30 +05:45
Liran Ravich
e0bb355b3f
Merge PR #5550 from @Liran017 - Unusual svchost Command Line Parameter
...
new: Uncommon Svchost Command Line Parameter
---------
Co-authored-by: Nasreddine Bencherchali <nasbench@users.noreply.github.com>
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
2025-11-21 13:00:47 +05:45
jstnk9
55e61044ff
Merge PR #5519 from @jstnk9 - Suspicious Use of for Loop with Directory Search in CMD
...
new: Suspicious Usage of For Loop with Recursive Directory Search in CMD
---------
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
2025-11-21 12:26:45 +05:45
Nasreddine Bencherchali
ec14452cfe
Merge PR #5764 from @nasbench - Revise rule creation section in README
...
chore: Updated the rule creation section to include a high-level guide and the Sigma specification.
2025-11-19 12:48:39 +01:00
Swachchhanda Shrawan Poudel
fe509498a5
Merge PR #5760 from @swachchhanda000 - Update README and fix a typo
...
chore: add Saeros project to the readme and fix a typo in the greetings file
2025-11-17 10:44:35 +01:00
Nasreddine Bencherchali
ddcccfe4d3
Merge PR #5757 from @nasbench - Clone #5504
...
update: Potentially Suspicious NTFS Symlink Behavior Modification - Tighten logic to focus on proxy process such as cmd or powershell
---------
Co-authored-by: Swachchhanda Shrawan Poudel <87493836+swachchhanda000@users.noreply.github.com>
2025-11-17 12:23:57 +05:45
phantinuss
c2f1eb41bc
Merge PR #5756 from @phantinuss - add a check for duplicate IDs over all rules that ever existed
...
chore: ci: add a check for duplicate ids over all rules that ever existed
chore: change duplicate IDs in obsoleted rules
---------
Co-authored-by: nasbench <nasbench@users.noreply.github.com>
2025-11-13 14:22:02 +01:00
Swachchhanda Shrawan Poudel
3d59e82504
Merge PR #5748 from @swachchhanda000 - feat: add new CLSID for COM Hijacking detection
...
update: COM Object Hijacking Via Modification Of Default System CLSID Default Value - add clsid of twinapi.dll
2025-11-13 10:03:01 +05:45