Potential Credential Dumping Via WER (9a4ccd1a-3526-4d99-b980-9f9c5d3a6ff3)

Detects potential credential dumping via Windows Error Reporting LSASS Shtinkering technique which uses the Windows Error Reporting to dump lsass

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	Potential Credential Dumping Via WER (9a4ccd1a-3526-4d99-b980-9f9c5d3a6ff3)	Sigma-Rules	1
LSASS Memory - T1003.001 (65f2d882-3f41-4d48-8a06-29af77ec9f90)	Attack Pattern	OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22)	Attack Pattern	2