Creation of an WerFault.exe in Unusual Folder (28a452f3-786c-4fd8-b8f2-bddbe9d616d1)

Detects WerFault copoed to a suspicious folder, which could be a sign of WerFault DLL hijacking

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Creation of an WerFault.exe in Unusual Folder (28a452f3-786c-4fd8-b8f2-bddbe9d616d1)	Sigma-Rules	DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	1
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2