From ada06c6eef1cf12b6d2d525e58122f63dc456181 Mon Sep 17 00:00:00 2001
From: mthcht
Date: Sat, 21 Oct 2023 12:01:46 +0200
Subject: [PATCH] Additional expected paths for mscorsvc.dll, d3dcompiler_47.dll (#63)

---
 yml/microsoft/built-in/d3dcompiler_47.yml | 1 +
 yml/microsoft/built-in/mscorsvc.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/yml/microsoft/built-in/d3dcompiler_47.yml b/yml/microsoft/built-in/d3dcompiler_47.yml
index f82505fe..bf2641c3 100644
--- a/yml/microsoft/built-in/d3dcompiler_47.yml
+++ b/yml/microsoft/built-in/d3dcompiler_47.yml
@@ -11,6 +11,7 @@ ExpectedLocations:
 - '%PROGRAMFILES%\wireshark'
 - '%PROGRAMFILES%\cisco systems\cisco jabber'
 - '%PROGRAMFILES%\microsoft\edge\application\%VERSION%'
+- '%PROGRAMFILES%\Google\Chrome\Application\%VERSION%'
 - '%SYSTEM32%'
 - '%SYSWOW64%'
 ExpectedSignatureInformation:
diff --git a/yml/microsoft/built-in/mscorsvc.yml b/yml/microsoft/built-in/mscorsvc.yml
index 915e1c3b..58d25559 100644
--- a/yml/microsoft/built-in/mscorsvc.yml
+++ b/yml/microsoft/built-in/mscorsvc.yml
@@ -5,6 +5,7 @@ Created: 2023-04-04
 Vendor: Microsoft
 ExpectedLocations:
 - '%WINDIR%\Microsoft.NET\Framework\v%VERSION%'
+- '%WINDIR%\Microsoft.NET\Framework64\v%VERSION%'
 VulnerableExecutables:
 - Path: '%WINDIR%\Microsoft.NET\Framework\v%VERSION%\mscorsvw.exe'
   Type: Sideloading
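Review bot: The added `%PROGRAMFILES%\Google\Chrome\Application\%VERSION%` entry in d3dcompiler_47.yml is mixed-case, while the neighbouring entries in this list (`wireshark`, `cisco systems\cisco jabber`, `microsoft\edge\application`) are all lowercase. Writing it as `- '%PROGRAMFILES%\google\chrome\application\%VERSION%'` keeps the list uniform and avoids a miss if any consumer of these files compares paths case-sensitively. The `ExpectedSignatureInformation` block only begins at the end of the hunk and its contents are not visible here. It is worth confirming that the copy shipped in Chrome's directory is signed by one of the signers listed there, since otherwise a check that combines location and signature would still flag the legitimate file.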
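Review bot: In mscorsvc.yml the new `Framework64` directory is added to `ExpectedLocations` only, while the visible `VulnerableExecutables` entry still names just `%WINDIR%\Microsoft.NET\Framework\v%VERSION%\mscorsvw.exe`. If the 64-bit `mscorsvw.exe` loads the DLL the same way (likely, but it should be verified), add a matching entry `- Path: '%WINDIR%\Microsoft.NET\Framework64\v%VERSION%\mscorsvw.exe'` with `Type: Sideloading`, so that detections derived from this file cover both framework directories. The `VulnerableExecutables` list continues past the end of the hunk, so such an entry may already exist further down.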