Tag
This rule identifies potential timestomping behavior on Windows systems where the creation time of executable files in sensitive system directories is modified, potentially to blend malicious executables with legitimate system files and evade detection.