Explorer NOUACCHECK Flag (534f2ef7-e8a2-4433-816d-c91bccde289b)

Detects suspicious starts of explorer.exe that use the /NOUACCHECK flag that allows to run all sub processes of that newly started explorer.exe without any UAC checks

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Explorer NOUACCHECK Flag (534f2ef7-e8a2-4433-816d-c91bccde289b)	Sigma-Rules	1
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073)	Attack Pattern	Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b)	Attack Pattern	2